We are committed to protecting your personal information and being transparent about what we do with it, however you interact with us. We are therefore committed to using your personal information in accordance with our responsibilities. As part of this, we are required to provide you with the information in this Privacy Notice under applicable law which includes:
We won’t do anything with your information you wouldn’t reasonably expect, and this policy explains how and what we do with your data and why we use and store it.
In this policy when we refer to The Outdoor Swimming Society, or OSS, or to ‘we’ or ‘us’ we are referring to The Outdoor Swimming Society Limited or OSS Trading Limited, which are non-profit making company limited by guarantee . The Outdoor Swimming Society (company no. 05847138) and OSS Trading Limited (company no. 07671591) are both registered in England at Blencathra, Bakers Lane, Chilcompton, Somerset. BA3 4EW.
If you have any queries about our Privacy Notice, please contact us by email on firstname.lastname@example.org or by post at Blencathra, Bakers Lane, Chilcompton, Somerset. BA3 4EW.
How and when we collect information about you
We may collect and store information about you whenever you interact with us. Examples of this include:
What personal information we collect
The types of personal information we collect will be based on the way in which you interact with The Outdoor Swimming Society. The majority of this information will be personal information, including your name, email address, postal address, telephone number, age and gender. The nature of the personal information collected will be based on how you interact with us, which is detailed in the following section. In all cases we only collect information that we need.
Some of the information collected may be data that is deemed ‘sensitive’ or ‘special category’ data. In the case of The Outdoor Swimming Society this sensitive data will be in the form of health data, specifically any medical conditions. Sensitive data will only be collected where necessary and where such data is needed to for safety reasons, for example, we need to know any medical conditions you have for events so that our safety team can provide the correct care for you during an event.
Why we collect your personal information and how it is stored
In almost all cases will only ever contact you following initial contact by you or following provision of personal information by you. We use and store your personal information in the following ways:
How long we store your information
We will keep your personal information collected for financial transactions, excluding your credit/debit card details, for as long as the law requires us to for tax or accounting purposes (which may be up to six years after a particular transaction).
When you unsubscribe from our newsletter your personal information will automatically be deleted through our mailing list database software, Mailchimp. If you wish to rejoin the mailing list at any point you will need to do this via our website.
In respect of any other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.
When we share your personal information
We will always only use your information for the purposes for which it was obtained. We will not, under any circumstances, sell or share your personal information with any third party for their own purposes, and you will not receive marketing from any other companies, charities or other organisations as a result of giving your details to us unless you explicitly consent to receive communication from them.
We may need to share your information with data hosting providers or service providers, such as our website developer, who help us to deliver our services. These providers will only act under our instruction and are subject to pre-contract scrutiny and contractual obligations containing strict data protection clauses.
We will also comply with requests where disclosure is required by law, for example, we may disclose your personal information to the government for tax investigation purposes, or to law enforcement agencies for the prevention and detection of crime. We may also share your information with the emergency services if we reasonably think there is a risk of serious harm or abuse to you or someone else.
Collecting your consent
If you change your mind in regards to whether you receive such communications please follow the unsubscribe link in the correspondence from the organisation in question.
Protecting your personal information
We undertake biannual reviews of those who have access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.
If you use your credit or debit card to buy something or make a booking online, we pass your card details securely using Woocommerce to SagePay. We never have direct access to your payment information.
Whilst we take all possible precautions to ensure your personal data is safe, there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data (including personal information) disclosed or transmitted over public networks.
Your rights to your personal information
Data protection legislation gives you the right to request access to personal information about you which is processed and stored by The Outdoor Swimming Society, and to have any inaccuracies corrected. You also have the right to ask us to delete your personal information or to object to our processing of your personal information. If you wish to exercise these rights, please email email@example.com
When asking for such a procedure, you will need to provide copies of two separate identification documents, such as a passport, driving licence, or utility bill, and any additional information that is relevant to the nature of your contact with us. This information will help us to locate your records. Please send these documents via post to Blencathra, Bakers Lane, Chilcompton, Somerset. BA3 4EW or email them to firstname.lastname@example.org
We will respond within 28 days, on receipt of your written request and copies of your identification documents. We reserve the right to charge a fee to process the request.
How we use Legitimate Interest
If we want to contact you on the basis of legitimate interest, The Outdoor Swimming Society will always create an legitimate interest impact assessment (LIA) prior to contacting you. Legitimate interest is the use of personal data by a data controller (in this case, us) that are deemed necessary (e.g. to provide the product or service) or reasonably to be expected by you. Some of the examples of why we would contact you on the basis of legitimate interest are:
Event photography is also undertaken on the grounds of legitimate interest. If you do not want to be photographed or for photos of yourself to be publicised (the ways in which we use photos is outlined in ‘Why we collect your data’ section) please contact email@example.com prior to or after the event, or identify yourself to the event photographer at the event.
Our policy for Under 16s
To register for our website or one of our events you need to be over 18 years old. If you are under the age of 18 you must have the consent of your parent or legal guardian to register for any of our services.
For events in which people under the age of 16 can enter (e.g. the mini swoosh) you must have the consent of your parent or legal guardian. Any personal information for anyone under the age of 18 will be kept for three years after the event date, as is our legal obligation.
External websites and social media platforms
We have strict security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. Whilst we can’t ensure or guarantee that loss, misuse or alteration of information won’t occur, we will always use standard industry methods to prevent this.
The transmission of information across the internet is never completely secure, and whilst we will always do our best to protect the security of your information, we cannot ensure or guarantee that loss, misuse or alteration of information won’t occur whilst you or we are transferring this information.
Where you or we have provided a password enabling you to access parts of our websites or use our services, it is your responsibility to keep this password confidential. Please choose a secure password and do not share it with anyone else.
You can switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing this is likely to limit the functionality of ours and a large proportion of the world’s websites as cookies are a standard part of most modern websites.
How to make a complaint or raise a concern
If you would like to make a complaint in relation to how we have handled your personal information, please follow our complaints procedure. If you are not happy with the response you receive, then you can raise your concern with the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF or you can visit their website.
(Last updated: 22nd November 2018)