Beyond Swim Band Website and App privacy policy

This privacy notice tells you what to expect when The ID Band Company Limited processes your personal information.

How we use your information

This website and the Beyond Swim Band App are operated by The ID Band Company Limited (IDBandCo) exclusively for ‘Beyond Swim’ which is operated by Triathlon England – one of the three home nations of the British Triathlon Federation (“BTF”), a company registered in England and Wales, registration number 02995438, whose registered postal address is PO Box 25, Loughborough, LE11 3WX. Throughout the site, the terms “we”, “us” and “our” refer to IDBandCo in connection with the provision of ID bands and related services or to BTF in connection with participation in Beyond Swim. IDBandCo and BTF are each independent data controllers of the information collected through our site (sportsguardian.com/beyond_swim). This policy (together with the Beyond Swim privacy policy here https://beyondswim.org/privacy-policy/ sets out how we each use your personal data.

This privacy notice applies to information we collect about:
  • Individuals who purchase a Beyond Swim Band; and
  • Users of the Beyond Swim Band App.

1.1 Our commitment to protecting your personal information

Whenever you provide personal information to a third party, that party is legally obliged to use your information in line with data protection law.

This privacy policy explains the following:
  • the services available via the Beyond Swim Band App and who is involved;
  • who the controller is for the personal data processed when you use the Beyond Swim Band App;
  • what information is collected about you;
  • what information is held about you;
  • how your personal data is used and why;
  • where your data is stored;
  • your rights;
  • points of contact for queries, objections and complaints.
In this privacy policy the following terms have the following meanings:

Controller: "The person or entity which alone or with others determines the purposes or means or processing of personal data".
Processor: "Any person or legal entity who processes personal data on behalf of the controller".

2. The Beyond Swim Band App services

The Beyond Swim Band App allows you to use the following services with a secure login:
  • Access and update your personal information including your name, address and email address, Beyond Swim pass [ID/number and:
    • Medical conditions (one primary and unlimited secondary conditions);
    • Allergies;
    • Medications;
    • Medical history;
    • Additional information/notes;
    • ICE contacts (name, relationship, contact numbers);
  • Check into and out of Beyond Swim Band zones set up by participating venues;
  • View your attendance record and timings (how long they were checked into a venue zone);
  • Show the participating venues that you attend;
  • Disable the QR code on the Beyond Swim Band in the event it is lost or stolen.

3. Personal data - who controls its use

IDBandCO is the controller of your personal data. The processor of your personal data will depend on the service to which it relates. For example:

3.1 BTF

BTF will have access to your personal data for the purposes of:
  • Recording sales of Beyond Swim Bands;
  • Measuring and analysing attendance at participating Beyond Swim venues via Beyond Swim Band App check in and check out;
  • Analysing incidents triggering use of the Beyond Swim App;
  • Monitor and develop the safety of open water swimming by monitoring use of the Beyond Swim Band App and inviting users to participate in surveys for research and development purposes.

3.2 Participating venues

Participating venues and their authorised staff will have access to your personal data for the purposes of:
  • Monitoring and recording check ins and check outs of their venue zones for the purposes of monitoring participant numbers and ensuring the health and safety of swimmers;
  • Monitoring and recording length of time checked in to their venue zones for the purposes of monitoring venue zone use, identifying peak and off-peak times;
  • Providing relevant personal information to venue staff and the emergency services in the event of an accident or medical incident.

3.3 Paramedics and Emergency Services

In the event of a medical incident or emergency while you are checked in at a participating venue, attending paramedics will have access to your personal data via the personalised QR code on your Beyond Swim Band and the data printed thereon for the purposes of:
  • Identifying you;
  • Identifying any pre-existing medical conditions;
  • Identifying any allergies;
  • Being made aware of any additional information provided by you;
  • Contacting your ICE contacts.

3.4 General Public

In the event of a medical incident or emergency while you are checked in at a participating venue, and in the absence of any venue staff, paramedic or emergency services, members of the public can access your personal information via the personalised QR code on the Beyond Swim Band and the data printed thereon for the purposes of:
  • Identifying you;
  • Identifying any pre-existing medical conditions;
  • Identifying any allergies;
  • Being made aware of any additional information provided by you;
  • Contacting your ICE;
  • Conveying any or all of this information to venue staff, paramedics and emergency services.

3.5 Processors

When organisations are engaged to process your personal information on behalf of a different controller organisation, there will always be a contract in place. These processor organisations must have agreed to keep your information secure and only use it for the purposes they have been instructed to.

4. Features

4.1 Beyond Swim Band App messaging

Beyond Swim Band App messaging enables us to send you general communications and updates relating to the Beyond Swim Band App and services available within it.

4.2 User research panel

We would like to contact you about taking part in user research to improve the Beyond Swim Band App and connected services. We will ask you if you would like to join our user research panel when you register for the Beyond Swim Band App or on a subsequent login. If you choose to do so, we may ask you to:
  • try new features;
  • answer questions by email;
  • talk to our researchers about your experience of using the Beyond Swim Band App or connected services.
You can always say no to an invite, and you can leave the user research panel at any time.

5. What information we collect about you and how it is used

The information processed for the purposes of the Beyond Swim Band App can be split into a number of different categories:
  • Beyond Swim Band App audit data: information captured about your use of the Beyond Swim Band App, such as the time of use, actions you took using the Beyond Swim Band App, and associated technical log events.
  • Beyond Swim Band App messaging: if we send messages, we will use your Beyond Swim Band App account to do this.
  • Beyond Swim Band App mailing list membership(s) We contract a specialist organisation to send out bulk emails and manage our lists of email subscribers. We use only your email address and mailing preferences needed to operate this service.
  • Beyond Swim Band App feedback & surveys: the personal data you provide if you provide feedback such as responding to one of our surveys.

6. How we use your personal data and why

The processing of your personal data is necessary to provide you with Beyond Swim Band services and ensure the functionality of the Beyond Swim Band App works.

You will not be able to use the Beyond Swim Band App unless you have agreed to its terms of use and this privacy policy.

The organisation that is the processor of your personal data will depend on the information in question.

We may need to share your personal information if we are required to do so by law.

How and why we use your personal data

Under data protection law, we can only use your personal data if we have a proper reason, eg:
  • where you have given consent;
  • to comply with our legal and regulatory obligations;
  • for the performance of a contract with you or to take steps at your request before entering into a contract; or
  • for our legitimate interests or those of a third party.
The table below explains what we use your personal data for and why.

What we use your personal data for Our reasons
Providing products and services to you To perform our contract with you or to take steps at your request before entering into a contract
Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business To comply with our legal and regulatory obligations
Statistical analysis to help us manage our business Legitimate interest in relation to [our financial performance, customer base, product range or other efficiency measures
For our legitimate interests or those of a third party Legitimate interest to be as efficient as we can so we can deliver the best service to you at the best price
Preventing unauthorised access and modifications to systems For our legitimate interests or those of a third party
Marketing our products and services For our legitimate interests

Marketing

We may use your personal data to send you updates (by email, text message, telephone or post) about our products or services], including exclusive offers, promotions or new products or services. We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. However, where consent is needed, we will ask for this separately and clearly.

You have the right to opt out of receiving marketing communications at any time by:
  • contacting us at sales@theidbandco.com; or
  • using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
We may ask you to confirm or update your marketing preferences if you ask us to provide further products or services in the future, or if there are changes in the law, regulation, or the structure of our business.

Who we share your personal data with

We routinely share personal data with:
  • third parties we use to help deliver our products and services to you, e.g. payment service providers, Royal Mail, marketing services and agencies, email marketing providers, website hosts, app hosts and data processors.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.

We may also need to:
  • share personal data with external auditors;
  • disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations;
  • share some personal data with other parties, such as potential buyers of some or all of our business or during a restructuring—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.
If you would like more information about who we share our data with and why, please contact us (see ‘How to contact us’ below).

6.1 Legal basis for using each category of information and how long IDBandCo hold the data for

Category of information Legal basis for using this data
Personal information Provision of Beyond Swim Band products and services to you
Medical information Provision of Beyond Swim Band products and services to you
ICE contacts Provision of Beyond Swim Band products and services to you
Beyond Swim Band App mailing list membership(s) Your consent specifically provided when you opted to join a mailing list
Feedback and surveys Your consent via acceptance of our privacy policy and giving your agreement to take part in a survey

Where this data is stored and processed

We only store and process your personal data within the UK, European Economic Area (EEA) and USA. Whenever your data is transferred outside the EU we will make sure the organisation receiving the personal data has provided adequate safeguards.

7. Your rights

Under the Data Protection Act 1998 and General Data Protection Regulation, you have rights as an individual which you can exercise in relation to the information we hold about you. You can read more about these rights at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/.

Your rights include:
  • your right to request access to the personal information that we hold about you by making a subject access request;
  • if you believe that any of your personal information is inaccurate or incomplete, you have a right to request that we correct or complete your personal information;
  • your right to request that we restrict the processing of your personal information for specific purposes; and
  • if you wish us to delete your personal information, we will do so at your request.

Access to personal information

We try to be as open as we can in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’. If we do hold information about you, we can:
  • give you a description of it;
  • tell you why we are holding it;
  • tell you who it could be disclosed to; and
  • let you have a copy of the information in an intelligible form.
To make a request to us for any personal information we may hold, please contact us using the contact details provided below. This description on your rights will not limit any other right granted to you as a ‘data subject’ under GDPR or any other applicable law.

Complaints or queries

We try to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. Please contact us using the contact details provided further down this page.

You also have the right to lodge a complaint with a supervisory authority, which, in this instance, is the Information Commissioner’s Office (ICO). If you want to make a complaint about the way we have processed your personal information, you should do so on the ICO website: https://www.ico.org.uk/concerns.

8. Points of contact for queries

If you have any queries in relation to the use of your personal data within the Beyond Swim Band App or if you would like to register a complaint, or simply want more information contact:

IDBandCo: Privacy Compliance Officer at sales@theidbandco.com or by mail at Privacy Compliance Officer, The ID Band Company, Unit 9 Oak Drive, Lionheart Enterprise Park, Alnwick, NE66 2EU, United Kingdom.

Beyond Swim: email us at dataprotection@britishtriathlon.org or write to us at Data Protection, British Triathlon, PO Box 25, Loughborough, LE11 3WX.

9. Changes to the privacy policy

The terms of our privacy policy may change from time to time. We will inform you via the Beyond Swim Band App and request your continued agreement if we make any significant changes to our privacy policy, cookies policy or terms of use.