Skip to content

Privacy Policy

GDPR and Privacy Policy


Wave 23’s coaches have procedures and policies in place for protecting the personal information (including sensitive personal data) of all its participants and swimmers.

These policies and procedures have been created in line with guidance from the Data Protection Act 1998 and the GDPR regulations.

It is Wave 23’s coaches policy to only hold personal data and sensitive personal data for the legitimate purpose of offering training and swimming sessions connected to open water swimming.

Only information on current swimmers participating will be held, unless consent is given for swimmers to be kept on mailing lists for future courses.

Where possible all paper documents with personal details will be deleted immediately after its legal usefulness and thereafter, the information will be kept in digital format and password protected. Once the digitally held data has served its legitimate purpose, it too shall be deleted.

Personal data relates to personal information collected and stored about a living person.

Sensitive personal data, relates to specific personal data deemed sensitive by the GDPR regulations.

What personal data do we collect and store?

The following personal data we collect and store:
Dates of Birth
Email addresses
Telephone numbers
Emergency contacts

The following sensitive personal data we collect and store as a club:
Medical information/Other health information deemed legitimate to carry out the activity of teaching swimming and running courses safely.

Why do we collect this personal data?

We use this data for the following purposes:
For the purpose of providing coaching courses and swimming sessions.
To administer records and comply with our insurance obligations as well as the regulations of the authorising body, STA.
To manage the swimmers and coaching personnel
To keep swimmers and coaching personnel informed of news and future events linked to Wave23
To keep a record of the course swimmers’s progression, including video evidence as part of the coaching they receive.

Who do we share your information with?

No personal or sensitive personal data is shared with any third parties.
Personal and sensitive personal data is only held and stored by the data controller.
Only the swimmer’s names and medical history and achievement records and goals are shared with Wave23 coaches and support staff connected to the session.
Swimmers give their permission for their personal data to be used as set out by this policy, by signing the application form. There is also an option for them to sign so they can opt in to be kept up to date with news and events connected to Wave23.
Phone numbers, email addresses and other information is only kept by the data controller and shared to key swimming coaches and support staff.
Permission will always be sought should a legitimate purpose to share the details arise and not be covered by this policy.
All data will be kept securely and confidentially. Manually kept data will be kept to a minimum.

Procedures and the type of information held:

Application forms
These can be sent manually or electronically. Those received manually will be scanned by the data controller and then destroyed securely.

The data secretary will store the application forms and the data collected securely and will ensure it is correct and current. They will also ensure the information is deleted once the data is no longer required.

A paragraph is added to the application forms and welcome letters explaining how the information is stored and for how long.

Registers: For open water sessions/pool sessions

These are kept in manual form during the session with name, email address and contact number of the swimmer.

They are shared with the swim coach and key support staff for the time of the session an they are then held and stored by the data controller. No one else takes the information or holds the information.

The registers are scanned and kept digitally after the course, to form evidence as part of quality assurance . The data controller will ensure the data is destroyed or kept in line with the data protection regulations and GDPR.

For course candidates and swimmers under the age of 16 years old, parental permission will be sought to hold the information according to this policy.

No swimmers under the age of 16 years old will be contacted directly by Wave 23. There may be times when swimmers under the age of 16 years old need to be contacted by Wave 23 and permission will be sought of the parents/guardians.

Correspondence sent from Wave 23 coaches

All correspondence sent by Wave 23’s coaches will be considered carefully so as not to include any personal information and will be communicated in line with this policy.

Wave 23’s coaches will not share data unless legitimately required to do so and for the purpose of running the swimming lessons and courses. With the information only being shared with key people, i.e.coaches and key support staff.

Enquiries to Wave 23 can be made by phone, text, email, Facebook, Instagram and Whatsapp. The data controller is the only contact.

All group notices will be sent through digitally via email or Whatsapp, with no personal data included unless express permission has been given for the information to be included for the purpose it is being used for.

All group notices via email will use the BCC function to hide people’s email addresses.

Notices or information obtained manually will be collected and stored securely for only the purpose they are collected for and then securely destroyed once it is no longer required for that use.

Coaches and Support Staff information

All coaches and support staff taken on by Wave 23 must formally agree through the contact form for the data controller to hold their details for contact and also for legitimate purposes as HMRC records and insurance records.

This information will not be passed on or shared to a third party without the tutor’s permission, unless legally required to do so.

Information regarding qualifications and personal information will be stored digitally and password protected. It will be held in one place by the data controller, with excess via phone or computer.

When coaches and support staff leave Wave23, their details will only be held for the length of time legally required by either the STA or HMRC.

Should Wave 23 wish to contact them in the future, Wave 23 will seek permission to store their details for future events and news linked directly to Wave 23. Their information will not be shared with third parties.

Pool and Venue Operators

No personal information regarding the swimming pools and venues used by Wave23 is passed on to third parties.

A copy of their insurance and PSOP will be made available to coaches, support staff and swimmers. In this instance, the name of the point of contact for the venue may be shared.

Children’s personal data and sensitive personal data

The GDPR regulations have been designed with children specifically in mind. Therefore, as mentioned above, Wave 23’s coaches will ensure all data collected and processed about them is done so with their parent’s/guardian’s express permission if they are under 16 years

For swimmers who are under 18 years old and over 16 years old, Wave 23’s coaches will seek express permission from both the swimmer and their parent/guardian.

Who do we share your information with?

Wave 23’s coaches only collects and uses your information for its own purposes and will never share with third parties without your express consent and for a legitimate purpose.

How long do we hold your information?

We only collect and store your personal data for as long as is legitimately necessary and for as long as the purpose for collecting the information requires us to.

As soon as the data has served its purpose we will delete it.

Further processing

Each time a new purpose requires us to process your data, you will be given notice and the reasons for the request to process your data and your permission sought.

Your rights and your personal data

Individuals have the right at any time to request to see what personal data we hold on them and why and to see how we are holding and what it is being used. You are within your rights to object and withdraw your consent for us using and holding the data at any time.

Your rights under the Data Protection Act and GDPR regulations are:

The right to request a copy of your personal data that Wave 23’s coaches holds
The right to request that Wave 23’s coaches corrects any personal data should it be found out of date or incorrect
The right to request your personal data is deleted where it is no longer necessary for it to be held
The right to withdraw your consent to the processing of your data at any time
The right to data portability; which is your right to request the data controller provides you (the data subject) with your personal data and where possible transmit that data to another data controller
The right to object to the processing of personal data
The right to report a complaint to the Information Commissioners Office

How to contact Wave 23’s coaches and data controller

All communications should be addressed to Lisa Clark and emailed to


Website Data and Cookies

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages or products that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

  • “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit
  • “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
  • “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
  • Embedded content from other websites. Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your website data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at