We may collect and store personal information about you whenever you interact with us. Examples of this include:
The types of information that we collect will be determined according to the nature of your interactions with The OSS, as described more fully within section 3 below. The majority of this information will be personal information, such as your name, email address, postal address, telephone number, age, gender, social media account information, bank account details and any other personal information that you may choose to provide. In all cases we will only seek to collect information that we need.
Some of the personal information that we collect may be data that is classified as ‘special category personal data’ under the Data Protection Laws, due to its sensitivity. For instance, The OSS may collect health data from you, specifically in relation to any medical conditions. Special category personal data will only be collected where necessary and where such data is needed for safety reasons. For example, we need to know of any medical conditions you have for events, so that our safety team can provide the correct care for you during an event.
We use and store your personal information in the following ways and in reliance upon the lawful bases described below, in accordance with the Data Protection Laws:
If you register for a place at an event we will collect your email address, following which we will send you event-specific information about that event and other swimming events that we think you might be interested in. Your email will not be used after the final post-event email.
When you send us a direct message on a social media platform (e.g. Facebook, Twitter or Instagram) we use any personal information provided to respond to your message. On occasion, we may contact you via direct message on a social media platform in order to notify you that you have won a competition, to ask whether we can use a photo you have uploaded to the page or group, or because we are interested in a story you have posted.
In accordance with the Data Protection Laws, our lawful basis for processing your personal information in this manner is that:
When you register for a shop account via the Website (as part of buying shop items or event tickets), we will collect personal information including your email address, username, first name, last name, postal address and any other information that you may choose to provide should you contact us in respect of any issues faced in accessing your account.
When you buy any items from our online shop we need to collect your personal details (name, email address, postal address) and credit/debit card information, to take payment for your goods and to deliver the goods to you. These personal details are held within our Website on the eCommerce platform, WooCommerce and transactions are processed using Stripe. The OSS never has access to your full credit/debit card details when payment is taken in this way. Financial transaction data, excluding credit/debit card details, is held for as long as the law requires us to for tax or accounting purposes, which may be up to six years from the transaction date.
When you make a donation via the Website you will be taken to the webpage of our payments provider PayPal, where you can decide what amount to contribute to The OSS. The OSS never has access to your credit/ debit card details when donations are accepted in this way, with any information being processed by PayPal. For more information on PayPal and how they use and store personal information, please see their Privacy Statement.
When you enter an event, your personal details are collected and used to pay for your event ticket. These data are stored securely within our Website on the eCommerce platform, WooCommerce. The information collected and stored includes your name, email address, postal address, telephone number and credit/debit card details, and your transaction is processed using Stripe. We never have access to your full credit/debit card details when payment is taken in this way. Personal information held in relation to an event will be kept securely for three years from the year of the event, in line with our legal requirements. Financial transaction data, excluding your credit/debit card details, are held for as long as the law requires for tax or accounting purposes, which may be up to six years from the transaction date.
When you enter an event you may be asked whether you agree to your personal details (name, gender, age category) and your event completion time being included on the public results list. This results list may be available following the event on our Website and social media platforms for up to three years. If you change your mind with regards to being on the results list for an event please email email@example.com to be removed from the list.
We may use event photographers at our swimming events, who will take photos freely throughout the event. Photos are taken at the event on the basis of legitimate interest and will only be taken in the context of: 1) Online event photo galleries; 2) The OSS newsletter elsewhere; 3) The OSS Website; 4) OSS social media; and 5) OSS marketing and publicity. If you do not want photos of yourself used in this way please email firstname.lastname@example.org prior to or following the event or let the event photographer know that you do not want to be photographed at the event.
At our events we may require your swim to be timed using a timing chip. If that is the case, it will be for safety purposes and to provide timings for each swimmer’s personal interest. These times are subsequently shown on the results list if you have provided consent for your details to be included. We contract out event timing to an external timing company, who will match your time taken with your name using your swimmer number. The external timing company may hold your information (including your name, time and swimmer number) in their records, and should be contacted directly if you wish to discuss the storage of your personal details in their records.
When you offer to volunteer with us we need your personal information (name, email address, telephone number) to contact you with regards to your offer of help. We may also need additional personal and sensitive personal data, such as any medical conditions you have, to assign you an appropriate volunteering role and to make sure we can support you effectively in your volunteering role.
When you contact us with a query of any kind by email (e.g. regarding our newsletter, an event, our Website or our online shop) we use the information you have provided to respond to your initial message. We then delete any emails considered to be solved and will not hold any information (emails or email addresses) we deem to be no longer needed.
When you apply for a job with The OSS we use the contact information provided to respond to your application. In addition, we will ask for your consent to keep your application on record in our email account, so that we can contact you if a future position becomes available to which you are particularly suited. If, following the provision of your consent, you decide that you don’t want your details to be stored in this way please email email@example.com confirming that you no longer wish to receive information on potential roles with The OSS.
You may interact with us via a page, group or account on a social media platform (e.g. Facebook, Twitter or Instagram). In these cases, your interaction with us is stored on that page, group or account on which it was posted. Such interactions may involve the processing of personal information such as your name. If you would like any such interactions to be removed please either delete the interaction yourself, send us a message on the platform in question, or email us at firstname.lastname@example.org. The personal information stored will be determined by your privacy settings on the social media platform in question.
You may provide content for our Website, which may include personal information such as your name and email address. If you would like your personal details removed from our Website please contact email@example.com.
We may use your personal information to record and deal with a complaint, to record a request not to receive further information and for other essential, internal record keeping purposes. Following completion of any such tasks your personal details will be removed from the records.
When you use our Website, user details will be collected to enable development of the Website and for usage tracking, which is undertaken by Google Analytics. Further details of this type of data collection can be found in the Cookies section below (Section 11).
We may use your personal information to prevent crime and to keep our team and the public safe.
We may use your personal information where we reasonably think that there is a risk of serious harm or abuse to you or someone else.
We may be required to process your personal information to fulfil a legal, regulatory or tax obligation.
In accordance with the Data Protection Laws, we rely upon the following lawful bases for processing your personal information where carrying out the processing activities described above:
In accordance with the Data Protection Laws, where we process your special category personal data our lawful basis for doing so is that you have provided your explicit consent to the processing of your special category personal data for one or more specified purposes as described above, namely to ensure that we are aware of any medical conditions so that we can keep you safe during our events or in your role with the OSS.
Please refer to section 3 above for further information on how long we may store your personal information within specific contexts. In addition, please note that:
We will keep any personal information which we have collected for processing financial transactions, excluding your credit/debit card details, for as long as the law requires for tax or accounting purposes (which may be up to six years after a particular transaction).
When you unsubscribe from our newsletter your personal information is archived by our mailing list database software, Mailchimp. If you wish to rejoin the mailing list at any point you will need to do this via our website sign up page.
In respect of any other personal information, we will retain it for no longer than necessary for the purposes for which it was collected, taking into account guidance issued by the Information Commissioner’s Office.
As described in section 3 above, we may need to share your information with data hosting providers or service providers, such as our website developer, who help us to deliver our services. These providers will only act under our instruction and are subject to universal strict data protection clauses.
We may also share your personal information with selected third parties including:
We will disclose your personal information to third parties such as courts, regulatory or law enforcement bodies, or our professional advisors if this is permitted by law and is necessary in order to:
We undertake at least biennial reviews of those who have access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.
If you use your credit or debit card to buy something or make a booking online, we pass your card details securely using WooCommerce to Stripe. We never have direct access to your full payment information.
Whilst we take all possible precautions to ensure your personal information is safe, there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of data (including personal information) disclosed or transmitted over public networks.
Where you or we have provided a password enabling you to access parts of our Website or use our services, it is your responsibility to keep this password confidential. Please choose a secure password and do not share it with anyone else.
You have rights in relation to the personal information we hold about you. These include the right to request access to your personal information, to request that it is erased, that its processing is restricted, or that any inaccurate personal information is rectified. You may also have the right to object to the processing of your personal information, or in some circumstances to obtain a copy of the personal information in machine-readable format. If you wish to exercise these rights, please email firstname.lastname@example.org.
When asking for such a procedure, you will need to provide copies of two separate identification documents, such as a passport, driving licence, or utility bill, and any additional information that is relevant to the nature of your contact with us. This information will help us to locate your records. Please send these documents via email to email@example.com.
We will respond within one month of receipt of your written request and copies of your identification documents. Where we provide personal information to you (or someone else on your behalf), we will provide it free of charge except in exceptional circumstances.
To use our Website you need to be over 18 years old. If you are under the age of 18 you must have the consent of your parent or legal guardian to use or register for any of our services.
You can switch cookies off by adjusting your browser settings to stop it from accepting cookies. Doing this is likely to limit the functionality of ours and a large proportion of the world’s websites as cookies are a standard part of most modern websites. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
If you would like to make a complaint, please follow our complaints procedure.
Last updated: 21 September 2023, to replace the payment system “Opayo” with “Stripe”