Privacy Policy

(for The Old Rectory Swimming Pool — UK GDPR compliant)

1. Introduction

This Privacy Policy explains how The Old Rectory Swimming Pool (“we”, “us”, “our”) collects, uses, and protects your personal information. We are committed to safeguarding your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions, you can contact us at:
bookings@theoldrectorysheering.co.uk

2. What personal data we collect

We collect personal information when you:

a) Make a booking

  • Name
  • Email address
  • Phone number
  • Booking details (date, time, service)
  • Payment information (processed securely by our payment provider — we do not store card details)

b) Contact us

  • Name
  • Email address
  • Any information you include in your message

c) Use our website

  • IP address
  • Browser type
  • Device information
  • Cookies (see Cookie Policy)

d) Social media

If you interact with us on Facebook, we may see your public profile information.

Security Camera Use

We use security cameras in the pool area and surrounding access points for the purposes of safety, security, and incident investigation.
Cameras are positioned only in public areas — never in changing rooms, toilets, or other private spaces.

What we collect:

  • Video footage only (no audio)

Why we collect it:

  • To ensure the safety of swimmers
  • To protect our property
  • To investigate incidents or misuse

How long we keep footage:

  • Typically 14–30 days, unless required for an ongoing investigation

Who can access it:

  • Only authorised staff
  • Police or authorities where legally required

Your rights:
You can request access to footage that includes you, subject to certain legal limitations. Contact: bookings@theoldrectorysheering.co.uk.

3. How we use your data

We use your information to:

  • Process and manage bookings
  • Communicate with you about your booking
  • Respond to enquiries
  • Improve our website and services
  • Maintain safety and security
  • Meet legal and regulatory obligations

We do not sell your data.

4. Legal basis for processing

We process your data under the following lawful bases:

  • Contract — to provide the service you have booked
  • Legitimate interests — to run and improve our business
  • Consent — for optional cookies or marketing (if used)
  • Legal obligation — for tax, safety, or regulatory requirements

5. How long we keep your data

We retain personal data only as long as necessary:

  • Booking records: up to 7 years (legal requirement)
  • Enquiry emails: up to 12 months
  • Website analytics: typically 26 months (depending on provider settings)

6. Sharing your data

We may share your data with trusted third parties who help us operate our business, including:

  • Booking system provider
  • Payment processor
  • Email hosting provider
  • Website hosting provider
  • Analytics tools (if used)

These providers only process your data on our instructions and must keep it secure.

7. Your rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Request data portability

To exercise your rights, email:
bookings@theoldrectorysheering.co.uk

8. How we protect your data

We use technical and organisational measures to keep your data secure, including:

  • Encrypted website (HTTPS)
  • Secure hosting
  • Restricted access to booking and email systems

9. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website.