Data & Privacy Policy

The Swords of Notting Hill

Effective Date: 8 July 2025

1. Introduction

Welcome to The Swords of Notting Hill! We are committed to protecting the privacy and security of your personal data and the personal data of your child. This Data Privacy Policy explains how we collect, use, store, and disclose your personal data and your child's personal data when you visit our website, register for membership, or engage with our club's activities.

The Swords of Notting Hill ("the Club", "we", "us", "our") acts as the Data Controller for the personal data we process, meaning we determine the purposes and means of processing that data.

This policy is designed to comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other relevant data protection legislation.

2. Our Contact Details

• Club Name: The Swords of Notting Hill

• Address: 71-75 Shelton Street, Coven Garden, WC2H9JQ, London

• Email: contact@nottinghillswords.co.uk

3. Types of Personal Data We Collect

We may collect and process the following categories of personal data:

A. Data from Members (Parents/Guardians & Children):

• Contact Information: Names, addresses, email addresses, phone numbers of parents/guardians.

• Child's Details: Child's name, group age, left or right handed.

• Health Information (Special Category Data): Medical conditions, allergies, injuries, emergency contact details. This is collected to ensure your child's safety and well-being during club activities. Explicit consent is sought for this.

• Membership & Activity Data: Membership start/end dates, attendance records, coaching progress.

• Financial Data: Payment details (e.g., bank account details for direct debits, credit card details processed by a third-party payment provider – we do not store full credit card numbers)

• Image & Video Data: Photographs and videos taken during club sessions (with your consent).

• British Fencing Membership Number: Required for affiliation.

B. Data from Website Visitors (Non-Members):

• Technical Data: IP address, browser type and version, operating system, device type, referral source, pages visited, time spent on pages. This is collected via cookies and similar technologies.

• Enquiry Data (if using contact form): Name, email address, phone number, and any message content you provide.

C. Data from Coaches/Volunteers:

• Contact Information: Name, address, email, phone.

• DBS/Background Check Information: Details related to criminal record checks (we only store confirmation of clearance, not the detailed record itself).

• Qualifications & Training Records: Coaching certifications, first aid, safeguarding training.

• Emergency Contact Details.

4. How We Collect Your Personal Data

We collect personal data from various sources:

• Directly from you: When you register for membership (online), complete contact forms on our website, communicate with us via email or in person, or provide health information.

• From your child: Directly during coaching sessions, but always with parental knowledge and consent for any personal data collection.

• Via our website: Through cookies and similar technologies (see Section 8: Cookies Policy).

• From third parties: Such as British Fencing (e.g., confirmation of membership status) or payment processors (e.g., payment confirmations).

5. Purposes and Lawful Basis for Processing Personal Data

We only process your personal data where we have a lawful basis to do so under GDPR.

• A. To Provide Membership Services & Coaching:

  • Purpose: To manage your child's membership, register them for classes, deliver coaching, track progress, communicate about club activities, and process payments.

  • Lawful Basis: Performance of a contract (your membership agreement with the club).

• B. For Safeguarding and Welfare:

  • Purpose: To ensure the safety and well-being of your child and all club members, manage medical conditions, respond to emergencies, and comply with safeguarding regulations.

  • Lawful Basis: Legal obligation (e.g., safeguarding laws) and legitimate interest (ensuring safety). For special category data (health), we rely on explicit consent (from parents for children) and/or substantial public interest (safeguarding of children and individuals at risk).

• C. For Website Functionality & Enquiries:

  • Purpose: To ensure our website functions correctly, respond to your queries submitted via contact forms, and improve user experience.

  • Lawful Basis: Legitimate interest (to operate our website effectively and respond to communications)

• D. For Administration & Legal Compliance:

  • Purpose: To maintain club records, manage coach/volunteer details (including DBS checks), comply with legal requirements (e.g., tax, financial reporting), and for insurance purposes.

  • Lawful Basis: Legal obligation and legitimate interest (for proper club administration and risk management).

• E. For Marketing & Promotion (with Consent):

  • Purpose: To share club news, upcoming events, or other relevant information.

  • Lawful Basis: Consent (we will only send marketing communications if you have explicitly opted in). You can withdraw consent at any time.

  • Image & Video Use: For promotional purposes (website, social media). Explicit consent from parents is obtained for all photos/videos of children.

6. Who We Share Your Personal Data With

We may share your personal data with the following categories of recipients:

• Payment Processors: To handle membership fees. We do not store your full payment card details.

• British Fencing: As the National Governing Body, we share necessary data (e.g., name, DOB, membership status) for your child's mandatory affiliation and for competition purposes.

• Coaches & Welfare Officer: Relevant data shared to enable coaching, ensure safety, and manage safeguarding concerns.

• Third-Party Service Providers:

  • Website Hosting Provider: Hostinger (as our data processor) for website operation and data storage.

  • Safeguarding Authorities: In serious cases where there is a legal obligation or safeguarding concern, we may share information with relevant statutory bodies (e.g., local authorities, police).

  • Emergency Services: In case of medical emergency.

We ensure that all third-party service providers are contractually obligated to protect your data in accordance with data protection laws.

7. Cookies Policy

Our website uses cookies and similar technologies. Cookies are small text files placed on your device to help the site provide a better user experience.

• A. Strictly Necessary Cookies:

  • These cookies are essential for our website to function correctly (e.g., session management, security, basic website builder functions). They are typically set by our website host (Hostinger).

  • Lawful Basis: Legitimate interest (to operate our website).

  • Consent: Not required under UK GDPR/ePrivacy Directive, but we inform you of their use.

• B. Functionality / Third-Party Cookies:

  • These cookies enable enhanced features (e.g., remembering your preferences) or are set by third-party services we embed.

  • Lawful Basis: Consent.

  • Consent: Explicit consent is required via our cookie consent banner.

8. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Membership Data: Retained for the duration of your child's membership and typically for a period of [e.g., 6 years] after membership ends to meet legal and financial obligations.

• Safeguarding Records: Retained in accordance with British Fencing guidelines, typically until the child reaches [e.g., 25 years old] or for a longer period if a concern remains outstanding.

• Enquiry Data: Retained for [e.g., 12 months] after your enquiry is resolved unless it leads to a membership.

• Cookie Data: Retention periods vary by cookie (session cookies expire when you close your browser; persistent cookies have defined expiry dates as detailed in our cookie consent tool).

9. Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

• The Right to be Informed: To know how your data is being used (as explained in this policy).

• The Right of Access: To request a copy of the personal data we hold about you/your child.

• The Right to Rectification: To request that we correct any inaccurate or incomplete personal data.

• The Right to Erasure (the "right to be forgotten"): To request that we delete your personal data in certain circumstances.

• The Right to Restrict Processing: To request that we limit the way we use your personal data in certain circumstances.

• The Right to Data Portability: To request that we transfer your personal data to another organisation in a structured, commonly used, machine-readable format.

• The Right to Object: To object to our processing of your personal data in certain circumstances (e.g., for direct marketing).

• Rights in relation to Automated Decision-Making and Profiling: We do not use automated decision-making or profiling that would have a significant effect on you or your child.

To exercise any of these rights, please contact our Data Protection Contact at contact@nottinghillswords.co.uk. We may need to verify your identity before fulfilling your request.

10. Children's Privacy

We take the privacy of children seriously. When collecting personal data from children for membership, we will always seek explicit consent from the parent or legal guardian. We aim to communicate directly with parents/guardians about data privacy matters.

11. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. These measures include:

• Secure website hosting (Hostinger).

• SSL encryption for data in transit (HTTPS).

• Access controls to personal data for authorised personnel only.

12. Changes to This Data Privacy Policy

We may update this policy from time to time to reflect changes in our data processing practices or legal requirements. Any changes will be posted on this page, and where appropriate, we will notify you directly. We encourage you to review this policy periodically.

13. How to Complain

If you have concerns about how we are handling your personal data, please contact our Data Protection Contact at contact@nottinghillswords.co.uk in the first instance so we can try to resolve the issue.

If you are not satisfied with our response or believe we are not processing your data in accordance with the law, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK's supervisory authority for data protection issues.