Candice's Swim School privacy policy and data protection. 

Our privacy policy is intended to ensure that personal information is dealt with correctly, securely, with consent and in accordance with the General Data Protection Regulation (GDPR), that goes hand in hand with the existing data protection regimes in the UK. It introduces a number of new obligations and requirements on controllers and processors.

Candices Swim School collects and uses personal information about staff, pupils, parents or carers and other individuals who come into contact with Candice's Swim School. This information is is gathered in order to perform the swims school's contract with our swimmers and for the purpose of our legitimate interests in operating the swim school.

This will apply to all data regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically. All staff involved with the collection, processing and disclosure of personal data are aware of their duties and responsibilities and adhere to these guidelines.

Schools have a duty to be registered, as Data Controllers, with the information commissioner's office (ICO) detailing the information held and its use. We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. For the purposes of the GDPR, we will be the "controller" of all personal data we hold about you.

Being GDPR compliant establishes enforceable principles that we adhere to at all times:

1. personal data shall be processed fairly and lawfully.

2.Personal data shall be obtained with consent only, for one or more specified and lawful purposes;

3. Personal data shall be adequate, relevant and not excessive.

4. Personal data shall be accurate and where necessary , kept up to date.

5. Personal data processed for any purpose shall not be kept longer than necessary for that purpose or those purposes.

6.Personal data shall be processed in accordance with the rights of data.

7. Personal data shall be kept secure, protected by an appropriate degree of security.

Your rights under the GDPR:

1. To access your personal data.

2. To be provided with information about how your personal data is processed.

3.To have your personal data corrected.

4. To have your personal data erased in certain circumstances.

5. To object to or restrict how your personal data is processed.

Candice' swim school is committed to maintaining the above principles at all times:

* Inform individuals why the information is being collected when its collected.

* Inform individuals when their information is shared, and why and with whom it was shared with.

* Check the quality and the accuracy of the information it holds.

* Ensure that the information is not retained for longer that is necessary.

* Ensure that when obsolete information is destroyed that it is done so appropriately and securely.

* Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorised disclosure , irrespective of the format in which it is recorded.

* Set out procedures to ensure compliance with the duty to respond to requests for access to personal information, known as subject access requests.