Important - our Privacy Notice will be changing
On May 25, 2018, the European Union will begin enforcing a new set of data protection regulations - the General Data Protection Regulation (GDPR). The GDPR regulates the collection and storage of personal data for EU residents (including UK residents), regardless of where the organization doing the collecting is located.
The GDPR replaces and expands upon the 1995 Data Protection Directive. The extended reach of the regulations will apply to all organizations that collect the personal data of European residents, even if those organizations are based outside of Europe.
Somerset ASA ('We') and our affiliated Clubs need to understand the requirements of the GDPR and set up procedures to comply with them.
We will be guided by our National Governing Body, Swim England to ensure we are compliant with the GDPR and publish or link to helpful articles for our Clubs and colleagues to learn more about what they need to do to comply with the new regulations.
We are already or will be taking the following steps to prepare for the GDPR.
- Reviewing and documenting what personal data we store and in what format, where it came from, who we share it with and how, and who has access to it. This includes more than just data on our website - it includes
- our financial records,
- any data processed by other third-party services (e.g.
- How we pay, send money and accept online payments,
- Advertisers and agencies
- Amazon and Amazon Web Services
- Google services (cookie types) such as Adsense, Analytics, Calendar, Cloud, Drive, Docs, Feedburner, Gmail, Google+, Groups, Hangouts, Maps, News, Photos, Play, reCaptcha, Search, Search Console, Tag Manager, Translate, Youtube
- Microsoft services (privacy notice) such as Bing, LinkedIn, Office 365, One Drive, Outlook, Skype, Translator
- Facebook (cookies policy) and services such as Facebook Groups, Facebook Messenger, Instagram and WhatsApp
- Adobe services such as Creative Suite, Flash, Reader
- Getty Images
- KnightLab, Soundcite
- Twitter, Periscope and Vine
- Vimeo, Livestream
- Hosting including mail services
- Print Publishers
- Active Network LLC, including Hy-Tek and Meet Mobile
- SMS (Short Messaging Service), MMS (Multimedia Messaging Service) and RCS (Rich Communication Services)
- Reviewing our internal procedures for collecting personal data, the different applications used, how each collects data and how we obtain and manage consent for collecting it.
- Checking our procedures to ensure they cover all the rights identified by the GDPR.
- Reviewing our current privacy notices and planning for any necessary changes to comply with the GDPR.
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data i.e. any information relating to an identified, or identifiable natural person (data subject) ; and an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
Somerset ASA is the data controller (contact details below). This means Somerset ASA decides how your personal data is processed and for what purposes.
3. What information do we collect?
You do not have to give Somerset ASA any personal information to use most of this website.
Somerset ASA may automatically collect information about the website that you came from or are going to. Somerset ASA also collects information about the pages of this website which you visit, IP addresses, the type of device and browser you use and the times you access this website. However, this information is aggregated and is not used to identify you.
You may also choose to provide additional voluntary information while using this website. Somerset ASA will identify any options you have for controlling the use of this information at the time it is collected.
Contact Us Form
- Mandatory: forename(s), surname, postal address and postcode, email address
- Optional: phone number(s), organisation, communication preferences.
- Mandatory: personal data obtained directly or via affiliated clubs to verify identity and eligibility for events you wish to enter. This will include your membership id, date of birth, health declaration, details of the medication you use, and any therapeutic use exemptions. The data may be held electronically, in proprietary software [Active Network LLC (Hy-Tek / Meet Mobile) and SportSystems] or on paper.
- Mandatory: forename(s), surname, postal address and postcode, email address and may include date of birth, membership id and organisation
- Optional: phone number(s), communication preferences.
- Mandatory: forename(s), surname, postal address and postcode, email address and may include gender and details of current and previous employers, employment, salary, education, qualifications, referees and hobbies / interests.
- Optional: phone number(s), communication preferences.
If you consent to Somerset ASA sending you relevant marketing communications by specific method(s) but at any point would like to opt-out, or to change the channels (post, email, SMS/MMS, online or phone) used to contact you, please click on the unsubscribe link at the bottom of any marketing emails you receive, or use the Contact Us form on the website. Your request will be actioned as quickly as possible.
4. How do we process your personal data?Somerset ASA complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Somerset ASA uses your personal data for the following purposes: -
- To provide a voluntary service for the benefit of the public as specified in the Association’s constitution;
- To administer membership records;
- To fundraise and promote interests;
- To manage Somerset ASA employees and volunteers;
- To communicate with you, e.g. reply to requests for further information
- To investigate complaints
- To maintain Somerset ASA’s own accounts and records* (including processing data for the purposes of
- promoting competitions,
- accessing and delivering training and courses
- fulfilling health and safety obligations
- fulfilling safeguarding responsibilities;
- To inform you of news, events, activities and services which Somerset ASA thinks might be of interest to you, subject to having the appropriate permissions to do so;
- To share your contact details and other relevant personal data with opt-in consent to
- Swim England and associated organisations,
- Swim England Trading Limited
- British Swimming
- Institute of Swimming
- your Club and / or prospective Club
- Active Network LLC, its affiliates and licensors
- as appropriate so that they can keep you informed about news, events, activities and services
- in which you may be interested
- which you require of them,
- which are relevant to the role you are undertaking
- To operate the Somerset ASA website and Social Media accounts and deliver services that individuals request, which may be personalised. Somerset ASA may use aggregated information to administer and improve its website, analyse trends, gather broad demographic information and detect suspicious or fraudulent transactions.
- To gather management information for statistical analysis.
If you do choose to provide credit or debit card information, we may also use third parties to check the validity of the sort code, account number and card number you submit to prevent fraud and to process any transaction.
If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement may access and use this information. Somerset ASA and other organisations may also access and use this information to fulfil safeguarding responsibilities and to prevent fraud and money laundering, for example when:
- checking identity, e.g. with the Disclosure and Barring Service
- checking or responding to insurance claims
- checking details of job applicants, employees, volunteers
5. What is the legal basis for processing your personal data?
- Explicit consent of the data subject so that Somerset ASA can
- keep you informed about news, events, activities and services
- provide the service you have requested;
- Processing is necessary
- for carrying out obligations under employment, social security or social protection law, or a collective agreement;
- to meet legal, regulatory and compliance requirements;
- to monitor and analyse the use of any account to prevent, investigate and/or report abuse, fraud, terrorism, misrepresentation, security incidents or crime;
- Processing is carried out by a not-for-profit body and
- the processing relates only to members, former members or affiliates (or those who have regular contact with it in connection with those purposes); and
- there is no disclosure to a third party without consent.
6. Sharing your personal dataYour personal data will be treated as strictly confidential and will only be shared with other members of Somerset ASA or affiliated organisations to carry out a service to other members or for purposes connected with the objects and duties of the Association.
Somerset ASA will never share, disclose, lease or rent your personally identifiable information with a third party for marketing purposes.
Third party service providers may be used to help Somerset ASA for example with website hosting, maintenance, call centre operation in which case the third party may receive your information.
Somerset ASA will only share your data with third parties with your consent and will control and be responsible for the use of your information.
Somerset ASA may pass aggregated information to third parties.
7. How long do we keep your personal data?Somerset ASA keeps data in accordance with the guidance set out by Swim England [see footnote for link].
Specifically, Somerset ASA retains membership data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate; records of membership and qualifications permanently.
8. Your rights and your personal dataUnless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
- The right to request a copy of your personal data which Somerset ASA holds about you;
- The right to request that Somerset ASA corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Somerset ASA to retain such data;
- The right to withdraw your consent to the processing at any time
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office.
9 When you call our helpline
When you call a mobile, or a home telephone number Somerset ASA may collect Caller Identification (Caller ID) information, which may be used to help improve efficiency and effectiveness, such as returning missed calls.
10. When you visit our website
When someone visits www.somersetasa.org Somerset ASA collect standard internet log information and details of visitor behaviour patterns to find out things such as the number of visitors to the various parts of the site. This information is collected in a way which does not identify anyone. Somerset ASA do not make any attempt to find out the identities of those visiting the website and will not associate any data gathered from this site with any personally identifying information from any source. When Somerset ASA do want to collect personally identifiable information through the website, it will be up front about this, making it clear when personal information will be collected and explaining what Somerset ASA intend to do with it - for example when you fill in a contact form or survey, register with the website, register for a camp, course, event or seminar, apply for membership and enter a competition.
In so far as site pages may contain personal data (such as name, address or e-mail addresses) this has, as far as Somerset ASA are aware, been supplied on a voluntary basis. Somerset ASA reserve the right to take legal steps in the event of it being used by third parties to send unsolicited promotional information to contacts, such as through spam mails.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as giving some insight into how sites are being used.
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Somerset ASA now embed videos from YouTube using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer but YouTube will not store information about your visit to this website unless you play the video. To find out more please visit YouTube’s embedding videos information page.
The search facility on our website is plugged into our server and continuously indexes the content on our site. All search requests are handled by the site content management system and the information is not passed on to any third party.
13. Further processingIf Somerset ASA wishes to use your personal data for a new purpose, not covered by this Data Protection Notice, then Somerset ASA will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, Somerset ASA will seek your prior consent to the new processing.
14. Contact DetailsTo exercise all relevant rights, queries of complaints please in the first instance contact the County Secretary whose contact details are listed here.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
 Details of retention periods will be provided by Swim England
Somerset ASA is affiliated to Swim England / the ASA and we keep records of and pass membership data to Swim England / the ASA.
Swim England / The ASA / British Swimming take data protection very seriously and the organisation’s data protection notice and guidelines are detailed below.
To download the ASA Data Protection Policy document click here.
To view British Swimming's' Data Protection Policy document click here.
The Data Protection Notice document is a detailed run down of the organisation’s policy on the collection and use of information.
To download the Swim England Data Protection Notice document, click here.