Northallerton ASC
Northallerton Amateur Swimming Club
Northallerton Leisure Centre
Stone Cross
Northallerton
DL6 2UZ

Privacy Policy

This privacy policy covers all of our online services. Who we are Northallerton ASC is a swimming club located in Northallerton, UK. For purposes of United Kingdom and European Union law, we are an unincorporated association and are a (fee exempt) data controller. Our primary website address is https://www.nasc.co.uk. We also run services on subdomains of the nasc.co.uk domain and this Privacy Policy is all encompassing – the same privacy policy applies across all our subdomains and online services. Third Party Data Processors We have a number of third party data processors who we work with for our digital services. These include;

  • Google Inc.
  • SendGrid Inc. Your personal data will be kept within the European Union or Privacy Shield countries when companies are Privacy Shield Certified. What personal data we collect and why we collect it Comments By default, we don’t allow users to comment on posts to our main website. We detail the information we would collect if we allowed comments to enable us the introduce such a feature at short notice in future. When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment. Personal Data for Online Accounts (Membership System) Member Data We store the following data in our system about members;
  • Name
  • Date of Birth
  • ASA Number (if available)
  • Sex (for Gala Entries)
  • Medical notes (for coaches and team managers)
  • Other notes which lets you leave a note on your swimmers file for coaches Most member data except for ASA Numbers, Squad and other administrative data is editable by parents. ASA numbers don’t change, but if for some reason one does, a Data Controller can modify it. Emergency Contacts Data We allow you to add a number of emergency contacts to your account. These are in addition to your primary contact details which are set in My Account. These will be used in an emergency. Northallerton ASC is able to store this data as it is operationally necessary.  We’ll delete these if you delete your account. User Account Data We store as little personal data as possible about our parent users, storing only,
  • Email Address
  • Mobile Number Other data stored is not classed as personal data. We use the personal data provided for the purposes of contacting the user by email and/or SMS. Bank account information for our parent accounts is stored by a third party, GoCardless Ltd. on our behalf. They have their own privacy policy. Media If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website. Contact forms If you use any contact forms on our site, we will record your email address, given name(s) and potentially a telephone number. These are used in order to contact you and will be retained for a period of time, enabling us to contact you if circumstances change. We won’t use these details to send you marketing email. Cookies If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you have an account and you log in to our content management system, WordPress, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day. Embedded content from other websites Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. Analytics Northallerton ASC use Google Analytics to record and monitor user behaviour across our sites and services. We use this to help improve our services. Data collected by Google Analytics on our behalf cannot be used to identify you. Who we share your data with Northallerton ASC is affiliated with Swim England through the Yorkshire Swimming Association and Swim England North East. We may need to share your personal data with them if you are a Swim England Member. They might also share your personal data with us. We also work with partner companies to provide some services, including GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy/ How long we retain your data If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our content management system (WordPress) (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. We store information about our members in a database for as long as they are members of the club. This data must be stored in our database in order for the individual to be a member. For parents who are not members but register for our online membership system, we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information. What rights you have over your data If you have an account with our CMS, or have left comments, you can request to 0 an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. If you have a (Parent) Membership Account with us, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes. Where we send your data We store your data on secure servers within the European Union or countries with which the European Union has a data privacy agreement. Visitor comments and emails may be checked through an automated spam detection service, which is externally run. Our partner GoCardless uses data from Northallerton ASC’s systems to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at gocardless.com/legal/privacy We use SendGrid to deliver emails from our WordPress and Online Account Systems. SendGrid will retain your email address for a short period before deleting it. This allows them to ensure that our emails are successfully delivered. They won’t store any other information about you. Other emails sent by Northallerton ASC are handled by Google. Your contact information We use your contact information provided via web forms, email communication, our CMS and Online Membership System to keep you up to date, contact you in an emergency and as a user identifier for login purposes. We won’t ever share such data with external partners which have not been listed in this privacy policy and will never share your contact information for marketing purposes. Additional information Updates to this privacy policy will be published online only. How we protect your data We work with approved partners and use encrypted databases to protect your personal data. What data breach procedures we have in place If Northallerton ASC becomes aware of a data breach, we will notify you within 24 hours and immediately cancel all passwords for user accounts. What third parties we receive data from Northallerton ASC may receive data from British Swimming, Swim England and affiliated nation, regional and county organisations, other local swimming clubs and Hambleton Council. What automated decision making and/or profiling we do with user data Northallerton ASC does not currently carry out automated decision making or profiling. Industry regulatory disclosure requirements Northallerton ASC makes checks with the Disclosure and Barring Service with regards to Coaches, Committee Members and Helpers.