privacy policy

Our privacy policy is intended to ensure that personal information is dealt with correctly, securely, with consent, and in accordance with the General Data Protection Regulation (GDPR), that goes hand in hand with the existing data protection regimes in place throughout the European Union (EU), including the UK. It introduces a number of new obligations and requirements on controllers and processors.

Swimtolearn Ltd (trading as Baby Spa) collects and uses personal information about staff, babies, parents or carers and other individuals who come into contact with Baby Spa. This information is gathered in order to perform the Baby Spa’s service with its customers and more regular clients, and for the purposes of our legitimate interests in operating Baby Spa.
This will apply to all data regardless of the way it is collected, used, recorded, stored and destroyed, and irrespective of whether it is held in paper files or electronically. All staff involved with the collection, processing and disclosure of personal data are aware of their duties and responsibilities and adhere to these guidelines.

Our such organisations have a duty to be registered as Data Controllers with the Information Commissioner’s Office (ICO) detailing the information held and its use. We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.

Being GDPR compliant establishes enforceable principles that we adhere to at all times:

1) Personal data shall be processed fairly and lawfully;
2) Personal data shall be obtained with consent only, for one or more specified and lawful purposes;
3) Personal data shall be adequate, relevant and not excessive;
4) Personal data shall be accurate and where necessary, kept up to date;
5) Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose or those purposes;
6) Personal data shall be processed in accordance with the rights of data;
7) Personal data shall be kept secure i.e. protected by an appropriate degree of security;
8) We store your information in digital format on secure cloud servers and systems hosted both inside and outside the European Union (EU). Where your data is being transferred outside the EU we are using adequate safeguards by using EU model clauses other technical and organisational controls with our service providers.

Your rights under the GDPR:

(a) to access your personal data
(b) to be provided with information about how your personal data is processed
(c) to have your personal data corrected
(d) to have your personal data erased in certain circumstances
(e) to object to or restrict how your personal data is processed

Swimtolearn Ltd is committed to maintaining the above principles at all times:

• Inform individuals why the information is being collected when it is collected
• Inform individuals when their information is shared, and why and with whom it was shared
• Check the quality and the accuracy of the information it holds
• Ensure that information is not retained for longer than is necessary
• Ensure that when obsolete information is destroyed that it is done so appropriately and securely
• Ensure that clear and robust safeguards are in place to protect personal information from loss, theft and unauthorised disclosure, irrespective of the format in which it is recorded
• Set out procedures to ensure compliance with the duty to respond to requests for access to personal information, known as Subject Access Requests

Swimtolearn Ltd uses squarespace.com as their data vehicle. Squarespace is fully GDPR compliant and you can find this private policy here.

Further advice and information is available from the Information Commissioner’s Office.