What information do we collect and why?
The basis on which we collect and process your data is usually through consent. Sometimes there is a contractual reason such as being able to process a monthly recurring card payment. Occasionally there may be a legal reason for collecting data, such as for employees or, should you have an accident, we may need to provide details of this to the relevant health and safety authorities. We may also process your data based on our legitimate business interests for example in order to operate and improve our business.
The information we collect may include any of the following:
Any personal details you give us. Information you type into our websites or provide to one of our colleagues such as when you become a member, create your profile, update your member profile, make a booking, sign up for a class or visit our centre. This information may include your personal contact data, fitness-related data which has been obtained in order to create personalised fitness workouts for you or health related data. We use this to provide you with the services you request, tell you about services you are eligible for, to keep in contact with you, manage your account and the services we provide. If you contact us by email, via the website, in person or by telephone we may keep a record of your contact information and enquiry and may subsequently use your contact details to respond to your enquiry.
Information which allows us to recognise you.
Such as an unique ID number and mugshot that helps us identify you.
Details of your transactions.
We collect data for any transactions you carry out through our websites and services, so that we can administer the services you have with us. Please note that we never store your payment details on our website.
Sensitive Health Data
We collect any personal health data you provide to us when registering for membership. Splashworld will not disclose your personal data to third parties except in exceptional circumstances, for example, if you suffer an injury or experience a medical difficulty on or in the vicinity of the Splashworld. We may ask you for information about your health in order to recommend appropriate exercise regime.
We will store your bank account number and sort code data where you have a recurring card payment plan in place. When the recurring card mandate finishes we will remove this data from our operational systems within 30 working days. We process bank card information at the time we take payment. This data is not stored on our systems and is processed on Payment Card Industry Data Security Standard compliant banking systems.
Information about website visits including IP address.
The IP address is your computer’s individual identification number. We use your IP address to capture information about website visits so we can learn more about how our customers use the website in order to find ways to improve the website and our products and services for your benefit.
This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.
We may record customer comments and surveys about how we are performing. We will only do this on the basis of given consent.
Your communications preferences.
We keep a record of any permissions and preferences you give us about what types of communication you are happy to receive from us.
Data relating to children
Data recorded on children include swimming lessons (booking and level information) and teen gym membership information. Children aged under 18 years must have a parent or guardian’s consent before providing personal information to us. We do not wish to collect any personal information without this consent.
How do we store and protect your personal information?
These are the basic guidelines we use to look after your personal data.We maintain secure systems to protect your personal information. We respect your wishes about how we contact you, whether by post, telephone, email or text message. We will update your information or preferences promptly when you ask us to. We will respond fully to requests from you to see the information that we hold on you. We will not hold your personal information for longer than is necessary for our legitimate business purposes. We follow strict procedures when storing or handling information that you have given us. Some information is encrypted, such as payment transactions and password. We will never sell your personal information to a third party.
We retain personal information as long as we consider it useful to contact you, or as needed to comply with our legal obligations. Where data is not needed for legal or statutory purposes we will delete this information if you request. See the contacts section to request your data to be deleted.
Services provided by contracted third parties
Splashworld may share information with third-party
Splashworld will never sell your personal information to any third party for marketing or other purposes.
How do we use your information?
We use your information to help us provide and improve our services for you. We may use your information in the following ways to provide you with any services that you have purchased. Check your identity. To check your eligibility where appropriate. To update our records with any new information you give us. To notify you if we will be unable to provide a service you have booked before. To provide marketing communications (if you have given us your permission). For research and analysis so we can develop and improve our services for your benefit. To tailor our communications to you to ensure relevance (if you do not want us to do this please contact us using the details below). To comply with legal requirements. To safeguard users of our services
Keeping you updated
There are certain communications we need to send to you so we can provide our services. We call these service communications and include for example notices about your direct debit payments, change of password, registration confirmations, appointment reminders and waiting list announcements. We would not be able to provide you with services if we did not send these.
We may from time to time contact you about our services or products we think you might find interesting by email, by post, telephone or SMS, but only if you have given us your permission to do so.
If you do not want us to contact you other than for service emails let us know when you next visit us or contact us using the details below. You may also opt-out of email or any other communications by contacting the Data Protection Officer at firstname.lastname@example.org, or by letting us know in one of our centres or health service groups.
Accuracy of data
We will always try to ensure the data we hold about you is accurate and relevant. If you believe the information we hold about you is out of date or incorrect, please tell a member of staff or see the contacting us section below. You will need a form of identification to request any changes.
Seeing your data – subject access request
The Data Protection Act 1998 and the General Data Protection Regulation give you the right to know what personal information we hold about you. This is called a Subject Access Request. If you would like to make a request you should write to the Data Controller – see contacting us section.
Removing your data
If you no longer use our services and products and wish us to delete your personal data we will do this if there are no legal or statutory regulations requiring us to keep this information. Please write to the Data Controller – see contacting us section.
You can contact us using the details below to restrict the processing of your data including some processing we do under legitimate business interests.
Complaints about how we manage your data
If you are not happy about the way we manage your data please contact us as quickly as possible by contacting us. You may also write to the Data Controller – who will investigate your complaint and get back to you as soon as possible.
Data Protection Commissioner’s Office (DPO)
The office of the Data Protection Commissioner is established under the 1988 Data Protection Act. The Data Protection Amendment Act, 2003, updated the legislation, implementing the provisions of EU Directive 95/46. The Acts set out the general principle that individuals should be in a position to control how data relating to them is used.
The Data Protection Commissioner is responsible for upholding the rights of individuals as set out in the Acts, and enforcing the obligations upon data controllers. The Commissioner is appointed by Government and is independent in the exercise of his or her functions. Individuals who feel their rights are being infringed can complain to the Commissioner, who will investigate the matter, and take whatever steps may be necessary to resolve it. More info here: https://www.dataprotection.ie
Links to other websites
Our websites may contain links to and from external websites, advertisers and affiliates. If you follow a link to other sites please note that these will be governed by their own privacy policies. We cannot accept liability for data use on those websites.
The purpose of this policy is to regulate the use of Closed Circuit Television (CCTV) and its associated technology when monitoring both the internal and external environs of Splashworld premises under the remit of Tramore Water Centre CLG. A copy of this CCTV Policy will be made available on the www.splashworld.ie website, provided to all Splashworld staff, customers and members and a copy will be provided to visitors on request.
This policy applies to all personnel in and visitors to Splashworld, Railway Squre, Tramore, Co. Waterford. Moreover, it relates directly to the location and use of CCTV, and the monitoring, recording and subsequent use of such recorded material. The CCTV Policy is in place to enable Splashworld to operate the CCTV system within the the centre. This policy prohibits CCTV monitoring based on the characteristics and classifications contained in equality and other related legislation e.g. race, gender, sexual orientation, national origin, disability etc. Furthermore, CCTV monitoring is limited to uses that do not violate the reasonable expectation to privacy as defined by law. The CCTV cameras will be used to: protect the Splashworld buildings and assets, both during and outside of operational hours (the system will be in operation 24 hours a day, every day); promote the health and safety of personnel and visitors; support the Gardaí in a bid to deter and detect crime; and assist identifying, apprehending and prosecuting offenders. The personal data recorded and stored by the CCTV system will be used only for the purposes outlined in this policy document. Collection, storage and use of CCTV footage shall be in compliance with Data Protection legislation.
The data controller in respect of images recorded and stored by the CCTV system at the Splashworld premises. The data processor is also Splashworld. The manager and data protection officer is responsible for monitoring the implementation and compliance of the CCTV policy within Splashworld.
The fair obtaining principles inherent in the Data Protection Acts 1988 and 2003 require that those people whose images may be captured on camera are so informed. Accordingly, the Splashworld Data Protection Officer will provide a copy of this CCTV Policy to staff, customers and , and on request to visitors to Splashworld. Adequate signage will be placed at each location in which CCTV 14 cameras are situated to indicate that CCTV is in operation (locations listed in following section). Signage shall include the name and contact details of the data controller as well as the specific purpose for which the CCTV camera is in place in each location.
Location of Cameras
14 cameras record activities throughout the premises as follows: External Camera looking at front entrance and steps. 2 Reception camera positioned over the changing hall door looking at the Reception desk. 3 cameras looking at the pool area and steps to flumes. 3 cameras in the pool changing hall looking at entrance points and lockers. 1 camera in the studio positioned facing door. 2 cameras in the gym at opposite ends pointing at entrances to either stairwell access. 1 at the top of stairs over the office door looking at people coming up the stairs and entering office/gym 1 on the back stairs looking at pool access and emergency doors.
Operation of the System
The recording system is an Alhua Technology, XVR 16 V1, a solution which records video data over TCP/IP networks. The system can only be accessed by
Access to the CCTV system and stored images will be restricted to authorised personnel only (as indicated below). In relevant circumstances, CCTV footage may be accessed: By An Garda Síochána where the Splashworld are required by law to make a report regarding suspected crime; Following a request by An Garda Síochána when a crime or suspected crime has taken place and/or when it is suspected that illegal/anti-social behaviour is taking place on the Splashworld premises; To data subjects (or their legal representatives), pursuant to an access request where the time, date and location of the recordings is furnished to the Splashworld; To individuals (or their legal representatives) subject to a court order; To Splashworld’s insurance company where the insurance company requires the same in order to pursue a claim for damage done to the insured property. Any person whose image has been recorded, has a right to be given a copy of the information recorded, providing that such an image/recording exists (i.e. that it has not been deleted), and provided that an exemption/prohibition does not apply to the release. To exercise that right, a person must make an application in writing to the Splashworld using the Data Access Form found on the website, providing sufficient information to identify themselves, giving a reasonable indication of the time period sought, and identifying the location of the camera. If the person is under eighteen years, the parent or guardian may make an application. The cost for making this application is €6.35 and will be borne by the applicant. Requests must be responded to by Splashworld within 40 days. Access requests can be made to Gaye McAuliffe. When a data access request is received, the relevant footage is copied and a specific retention time is assigned to this copy. In giving a person a copy of his/her data, the data controller may provide a still/series of still pictures, a tape or a disk with relevant images. However, other people’s images should be obscured before the data is released. Data will be delivered to the requester ensuring that security measures have been considered and implemented. A log of access to images will be maintained. If the image is of such poor quality as not to clearly identify an individual, that image may not be considered to be personal data.
Providing CCTV Images to An Garda Síochána
With regard to requests from An Garda Síochána to download footage, the Data Protection Commissioner recommends that requests for copies of CCTV footage should only be granted when a formal written (or fax) request is provided to the Splashworld stating that An Garda Síochána is investigating a criminal matter. For practical purposes, and to expedite a request speedily in urgent situations, a verbal request may be sufficient to allow for the release of the footage sought. However, any such verbal request must be followed up with a formal written request. It is up to the Splashworld to be satisfied that there is a genuine investigation underway. For practical purposes, a phone call to the requesting Garda’s station may be sufficient, provided that you speak to a member in the District Office, the station sergeant or a higher ranking officer, as all may be assumed to be acting with the authority of a District/Divisional officer in confirming that an investigation is authorised. A log of all An Garda Síochána requests will be maintained by the Splashworld and data processors. Any such requests should be on An Garda Síochána headed paper, quote the details of the CCTV footage required and should also cite the legal basis for the request (i.e. Section 8(b) of the Acts). Prior to the Splashworld issuing any CCTV images to An Garda Síochána, it will be discussed and agreed with the responsible Splashworld staff member. There is a distinction between a request by An Garda Síochána to view CCTV footage and to download copies of CCTV footage. In general, An Garda Síochána making a request to simply view footage on the premises of a data controller or processor would not raise any specific concerns from a data protection perspective.
Review and Approval of the CCTV Policy
This policy will be reviewed and updated regularly to take into account changing Data Protection legislation or guidelines from the Data Protection Commissioner, An Garda Síochána, and relevant bodies.
Child Safeguarding Policy
Name of service being provided: Recreation and leisure. Tramore Water Centre CLG T/A Splashworld.
Nature of service and principles to safeguard children from harm:
We have carried out an assessment of any potential for harm to a child while availing of our services. Below is a list of the areas of risk identified and the list of procedures for managing these risks.Risk area identified: Swimming pool area. Procedure in place to manage identified risk: Lifeguards/Swimming Instructors on duty. Safeguarding protocol. Entry control at reception.
Risk area identified: Changing Hall Area. Procedure in place to manage identified risk: Lifeguards/Swimming Instructors on duty. Safeguarding protocol. Entry control at reception; Risk area identified: Gym Area. Procedure in place to manage identified risk: Lifeguards/Swimming Instructors on duty. Safeguarding protocol. Entry control at reception; All staff have been Garda vetted and have done Child Safeguarding courses. CCTV is in all above areas.
Our Child Safeguarding Statement has been developed in line with requirements under the Children First Act 2015, Children First: National Guidance for the Protection and Welfare of Children (2017), and Tusla’s Child Safeguarding: A Guide for Policy, Procedure and Practice. In addition to the procedures listed in our risk assessment, the following procedures support our intention to safeguard children while they are availing of our service:Procedure for the management of allegations of abuse or misconduct against workers/volunteers of a child availing of our service;
Procedure for the safe recruitment and selection of workers and volunteers to work with children; Procedure for provision of and access to child safeguarding training and information, including the identification of the occurrence of harm; Procedure for the reporting of child protection or welfare concerns to Tusla; Procedure for maintaining a list of the persons (if any) in the relevant service who are mandated persons; Procedure for appointing a relevant person. All procedures listed are available upon request.
We recognise that implementation is an on-going process. Our service is committed to the implementation of this Child Safeguarding Statement and the procedures that support our intention to keep children safe from harm while availing of our service.