Important - our Privacy Notice will be changing
On May 25, 2018, the European Union will begin enforcing a new set of data protection regulations - the General Data Protection Regulation (GDPR). The GDPR regulates the collection and storage of personal data for EU residents (including UK residents), regardless of where the organization doing the collecting is located.
The GDPR replaces and expands upon the 1995 Data Protection Directive. The extended reach of the regulations will apply to all organizations that collect the personal data of European residents, even if those organizations are based outside of Europe.
Somerset ASA ('We') and our affiliated Clubs need to understand the requirements of the GDPR and set up procedures to comply with them.
We will be guided by our National Governing Body, Swim England to ensure we are compliant with the GDPR and publish or link to helpful articles for our Clubs and colleagues to learn more about what they need to do to comply with the new regulations.
We are already or will be taking the following steps to prepare for the GDPR.
- Reviewing and documenting what personal data we store and in what format, where it came from, who we share it with and how, and who has access to it. This includes more than just data on our website - it includes (click on the panel headings below to reveal more information)
- our financial records,
- reviewing our internal procedures for collecting personal data, the different applications used, how each collects data and how we obtain and manage consent for collecting it.
- any data processed by other third-party services (e.g.
|Apple services such as
|Facebook (cookies policy) services
|Twitter and services
||Social Media including
|Zoho Workplace services such as
- Reviewing how we pay, send money and accept online payments,
- Reviewing advertisers and agencies
- Checking our procedures to ensure they cover all the rights identified by the GDPR.
- Reviewing our current privacy notices and planning for any necessary changes to comply with the GDPR.
1. Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data i.e. any information relating to an identified, or identifiable natural person (data subject) ; and an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identify of that natural person.
Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
Somerset ASA is a UK not-for-profit organisation. View our Management Committee and read more about what we do. Somerset ASA is the data controller (contact details below). This means Somerset ASA decides how your personal data is processed and for what purposes.
3. What information do we collect?
You do not have to give Somerset ASA any personal information to use most of this website.
Somerset ASA may automatically collect information about the website that you came from or are going to. Somerset ASA also collects information about the pages of this website which you visit, IP addresses, the type of device and browser you use and the times you access this website. However, this information is aggregated and is not used to identify you.
You may also choose to provide additional voluntary information while using this website. Somerset ASA will identify any options you have for controlling the use of this information at the time it is collected.
Click on the panel heading below for more information on what is collected.
- Mandatory: forename(s), surname, postal address and postcode, email address
- Optional: phone number(s), organisation, communication preferences.
- If you contact us via email your email address and message will be accessible to and may be forwarded to the person or people in the organisation best equipped to respond. .
- Mandatory: personal data obtained directly or via affiliated clubs to verify identity and eligibility for events you wish to enter. This will include your membership id, date of birth, health declaration, details of the medication you use, and any therapeutic use exemptions. The data may be held electronically, in proprietary software [Active Network LLC (Hy-Tek / Meet Mobile) and SportSystems] or on paper.
- Mandatory: forename(s), surname, postal address and postcode, email address and may include date of birth, membership id and organisation
- Optional: phone number(s), communication preferences.
- Mandatory: forename(s), surname, postal address and postcode, email address and may include gender and details of current and previous employers, employment, salary, education, qualifications, referees and hobbies / interests.
- Optional: phone number(s), communication preferences.
Delivered by Feedburner.
- Mandatory email address
- How to unsubscribe from the newsletter
Every News Headlines email contains a quick and easy unsubscribe link in its footer.
- Mandatory: title, forename(s), surname, postal address and postcode, email address
- Optional: phone number(s), organisation, communication preferences.
- We will inform you whether a third party service provider such as Mailchimp will be used to deliver the Newsletter and if you choose to receive one or more of our Newsletters, add you to the associated mailing list(s). Please note that Mailchimp may transfer personal data outside the EU (see 12) and you should contact Mailchimp with questions or concerns about this.
- Every Newsletter contains a quick and easy unsubscribe link in its footer.
If you consent to Somerset ASA sending you relevant marketing communications by specific method(s) but at any point would like to opt-out, or to change the channels (post, email, SMS/MMS, online or phone) used to contact you, please click on the unsubscribe link at the bottom of any marketing emails you receive, or use the Contact Us form on the website. Your request will be actioned as quickly as possible.
4. How do we process your personal data?Somerset ASA complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Somerset ASA uses your personal data for the following purposes: -
- To provide a voluntary service for the benefit of the public as specified in the Association’s constitution;
- To administer membership records;
- To fundraise and promote interests;
- To manage Somerset ASA employees and volunteers;
- To communicate with you, e.g. reply to requests for further information
- To investigate complaints
- To maintain Somerset ASA’s own accounts and records* (including processing data for the purposes of
- promoting competitions,
- accessing and delivering training and courses
- fulfilling health and safety obligations
- fulfilling safeguarding responsibilities;
- To inform you of news, events, activities and services which Somerset ASA thinks might be of interest to you, subject to having the appropriate permissions to do so;
- To share your contact details and other relevant personal data with opt-in consent to
- Swim England and associated organisations,
- Swim England Trading Limited
- British Swimming
- Institute of Swimming
- your Club and / or prospective Club
- Active Network LLC, its affiliates and licensors
- as appropriate so that they can keep you informed about news, events, activities and services
- in which you may be interested
- which you require of them,
- which are relevant to the role you are undertaking
- To operate the Somerset ASA website and Social Media accounts and deliver services that individuals request, which may be personalised. Somerset ASA may use aggregated information to administer and improve its website, analyse trends, gather broad demographic information and detect suspicious or fraudulent transactions.
- To gather management information for statistical analysis.
If you do choose to provide credit or debit card information, we may also use third parties to check the validity of the sort code, account number and card number you submit to prevent fraud and to process any transaction.
If false or inaccurate information is provided and fraud is identified, details will be passed to fraud prevention agencies. Law enforcement may access and use this information. Somerset ASA and other organisations may also access and use this information to fulfil safeguarding responsibilities and to prevent fraud and money laundering, for example when:
- checking identity, e.g. with the Disclosure and Barring Service
- checking or responding to insurance claims
- checking details of job applicants, employees, volunteers
5. What is the legal basis for processing your personal data?
- Explicit consent of the data subject [GDPR 6(1)(a)] so that Somerset ASA can
- keep you informed about news, events, activities and services
- provide the service you have requested;
- Processing is necessary
- for carrying out obligations under employment, social security or social protection law, or a collective agreement;
- to meet legal, regulatory and compliance requirements;
- to monitor and analyse the use of any account to prevent, investigate and/or report abuse, fraud, terrorism, misrepresentation, security incidents or crime;
- Processing is carried out by a not-for-profit body and
- the processing relates only to members, former members or affiliates (or those who have regular contact with it in connection with those purposes); and
- there is no disclosure to a third party without consent.
6. Sharing your personal dataYour personal data will be treated as strictly confidential and will only be shared with other members of Somerset ASA or affiliated organisations to carry out a service to other members or for purposes connected with the objects and duties of the Association.
Somerset ASA will never share, disclose, lease or rent your personally identifiable information with a third party for marketing purposes.
Third party service providers may be used to help Somerset ASA for example with website hosting, maintenance, call centre operation in which case the third party may receive your information.
Somerset ASA will only share your data with third parties with your consent and will control and be responsible for the use of your information.
Somerset ASA may pass aggregated information to third parties.
7. How long do we keep your personal data?Somerset ASA keeps data including records of membership and qualifications in accordance with the guidance set out by Swim England [see footnote for link]. Somerset ASA wil retain your personal data until such a time as you unsubscribe or ask us to remove your details.
Specifically, Somerset ASA retains membership data while it is still current; gift aid declarations and associated paperwork for up to 6 years after the calendar year to which they relate.
If you contact Somerset ASA via our Contact Form, we reserve the right to keep your message indefinitely. This is to aid continuity and so that we can view any historic context which may have bearing on subsequent support mail, even if members of the support team change.
Somerset ASA is obliged to keep records relating to financial transactions for a defined period in line with Swim England policy following the end of the accounting period in which the transaction took place to comply with the law regarding company and charity accounting. Somerset ASA destroy records after this point. If you require information on payment processors’ policies, please contact them directly.
When you unsubscribe from a News Headlines Feed or Newsletter, your details remain on the list of past recipients. This is a measure to prevent circumstances such as a team member accidentally manually re-adding you. As a compliance measure, subscribers who unsubscribe themselves can’t be deleted from the list. However, provided you are still a subscriber at the point when you contact Somerset ASA, on request your details can be permanently removed from the list – please get in touch if you would like this to happen.
8. Your rights and your personal dataUnless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which Somerset ASA holds about you;
- The right to request that Somerset ASA corrects any personal data if it is found to be inaccurate or out of date;
- The right to request your personal data is erased where it is no longer necessary for Somerset ASA to retain such data;
- The right to withdraw your consent to the processing at any time
- The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [Only applies where the processing is based on consent or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
- The right to object to the processing of personal data, (where applicable) [Only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics]
- The right to lodge a complaint with the Information Commissioners Office (but do contact us first, so that we can try and help).
9 When you call our helpline
When you call a mobile, or a home telephone number Somerset ASA may collect Caller Identification (Caller ID) information, which may be used to help improve efficiency and effectiveness, such as returning missed calls.
10. When you visit our website
When someone visits www.somersetasa.org Somerset ASA collect standard internet log information and details of visitor behaviour patterns to find out things such as the number of visitors to the various parts of the site. This information is collected in a way which does not identify anyone. Somerset ASA do not make any attempt to find out the identities of those visiting the website and will not associate any data gathered from this site with any personally identifying information from any source. When Somerset ASA do want to collect personally identifiable information through the website, it will be up front about this, making it clear when personal information will be collected and explaining what Somerset ASA intend to do with it - for example when you fill in a contact form or survey, register with the website, register for a camp, course, event or seminar, apply for membership and enter a competition.
In so far as site pages may contain personal data (such as name, address or e-mail addresses) this has, as far as Somerset ASA are aware, been supplied on a voluntary basis. Somerset ASA reserve the right to take legal steps in the event of it being used by third parties to send unsolicited promotional information to contacts, such as through spam mails.
When you visit any web site, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalised web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies used which are:
- Strictly necessary cookies
- Performance cookies
- Functional cookies
- Targeting cookies
We use some non-essential cookies to anonymously track visitors or enhance your experience of this site.
You may change our default cookie settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
Most web browsers allow some control of most cookies through the browser settings or installation of opt-out browser plug-ins. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.
Use of Google Analytics
Somerset ASA uses Google Analytics to collect information about how people use this site to ensure it is meeting user needs and to understand how we can improve it.
Google Analytics stores information such as what pages you visit, how long you are on the site, how you got here, what you click on, and information about your web browser.
IP addresses are masked (only a portion is stored) and personal information is only reported in aggregate. Somerset ASA do not allow Google to use or share the analytics data for any purpose besides providing Somerset ASA with analytics information. Somerset ASA recommends that any user of Google Analytics does the same.
The cookies set by Google Analytics are as follows:
Name Typical Content Expires __utma Unique anonymous visitor ID 2 years __utmb Unique anonymous session ID 30 minutes __utmz Information on how the site was reached (e.g. direct or via a link / search / advert) 6 months __utmx__utmx Which variation of a page you are seeing if Somerset ASA is testing different versions to see which is best 2 years2 years
If you’re unhappy with the idea of sharing the fact you visited the Somerset ASA site (and any other sites) with Google, you can install the official browser plugin for blocking Google
To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
Somerset ASA now embed videos from YouTube using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer but YouTube will not store information about your visit to this website unless you play the video. To find out more please visit YouTube’s embedding videos information page.
The search facility on our website is plugged into our server and continuously indexes the content on our site. All search requests are handled by the site content management system and the information is not passed on to any third party.
13. Further processingIf Somerset ASA wishes to use your personal data for a new purpose, not covered by this Data Protection Notice, then Somerset ASA will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, Somerset ASA will seek your prior consent to the new processing.
14. Contact DetailsTo exercise all relevant rights, queries of complaints please in the first instance contact the County Secretary whose contact details are listed here.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
 Details of retention periods will be provided by Swim England
Somerset ASA is affiliated to Swim England / the ASA and we keep records of and pass membership data to Swim England / the ASA.
Swim England / The ASA / British Swimming take data protection very seriously and the organisation’s data protection notice and guidelines are detailed below.
To download the ASA Data Protection Policy document click here.
To view British Swimming's' Data Protection Policy document click here.
The Data Protection Notice document is a detailed run down of the organisation’s policy on the collection and use of information.
To download the Swim England Data Protection Notice document, click here.