Privacy Policy

Last reviewed: 26 January 2026 | Next review due: 01 April 2027

1. Introduction

Heckington Community Swimming Pool (HCSP) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information, including sensitive (special category) data, when you use our services or interact with us.

We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Heckington Community Swimming Pool (HCSP) is the data controller responsible for your personal data.

Contact details:
Heckington Community Swimming Pool
Howell Road, Heckington, Lincs NG34 9RX
Email: info@heckingtonpool.co.uk

3. What Information We Collect

3.1 Personal Data

We may collect and process:

  • Names and contact details (address, email, telephone number)
  • Emergency contact information
  • Booking and attendance records
  • Payment references (we do not store full card details)
  • Communication records
  • Volunteer application and role information
  • Website usage data (e.g. IP address, cookies)
  • CCTV (via Heckington Primary School system)
  • Photographs of users in the pool

3.2 Special Category (Sensitive) Data

Where necessary, we may collect sensitive personal data, including:

  • Medical conditions (e.g. asthma, epilepsy)
  • Disabilities or additional needs
  • Allergies or health risks
  • Injury or incident information
  • Health and fitness declarations (e.g. for Aqua Fit sessions)

We only collect this information where it is necessary to ensure safety, wellbeing, or legal compliance.

4. How We Use Your Information

We use your personal data to:

  • Manage bookings and deliver our services
  • Ensure the safety and wellbeing of pool users
  • Communicate with you about bookings and activities
  • Manage volunteers and staffing
  • Comply with legal and regulatory obligations
  • Improve our services and operations

Sensitive personal data is used strictly for safety, safeguarding, and health-related purposes.

5. Lawful Bases for Processing

We process your data under the following legal bases:

  • Contract - to provide services you have booked
  • Consent - particularly for sensitive data, photographs and optional communications
  • Legal obligation - health & safety and safeguarding requirements
  • Vital interests - to protect individuals in emergencies
  • Legitimate interests - to operate and improve our services

For sensitive (special category) data, we rely on:

  • Explicit consent
  • Health and safety obligations
  • Safeguarding requirements

6. How We Protect Sensitive Personal Data

We take extra care when handling sensitive personal data by:

  • Collecting only what is strictly necessary
  • Obtaining explicit consent where required
  • Restricting access to authorised personnel only
  • Storing data securely with appropriate safeguards
  • Using the information solely for its intended purpose

7. Sharing Your Information

We may share your data with trusted third parties, including:

  • Booking and management systems
  • Payment providers
  • Email and communication services
  • Regulatory authorities (where required by law)
  • Emergency services (if necessary)

All third parties are required to handle your data securely and in accordance with data protection laws.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes it was collected, including legal, accounting, and safeguarding requirements. Sensitive data is reviewed regularly and securely deleted when no longer required.

9. Data Security

We use appropriate technical and organisational measures to protect your data, including:

  • Secure digital systems
  • Password protection and access controls
  • Confidentiality obligations for staff and volunteers
  • Secure disposal of records

10. Your Rights

Under data protection law, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion of your data (where applicable)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time (where processing is based on consent)

To exercise your rights, please contact us using the details above.

11. Children's Privacy

We collect children's data only where necessary and with the involvement of parents or guardians. We take extra care to protect children's personal and sensitive data.

12. Cookies and Website Use

Our website may use cookies to improve functionality and user experience. You will be informed about cookie usage and can manage your preferences.

13. Data Breaches

In the event of a data breach, we will act promptly to contain and assess the issue. Where required, we will report breaches to the Information Commissioner's Office (ICO) and affected individuals.

14. Complaints

If you are concerned about how your data is handled, please contact us first. You also have the right to complain to the Information Commissioner's Office (ICO).

15. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published and, where appropriate, notified to you.

If you have any questions about this Privacy Policy, please contact us at info@heckingtonpool.co.uk.