SwimTech Academy ("we," "us," or "our") is committed to protecting the privacy and personal data of all our participants, including children, in accordance with the Kenya Data Protection Act, 2019 and the EU General Data Protection Regulation (GDPR) where applicable.
This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services, website, and participate in our swimming programs.
1. Data Controller
The data controller responsible for your personal data is:
SwimTech Academy
Nairobi, Kenya
Email: privacy@swimtec.co.ke
Data Protection Officer: dpo@swimtec.co.ke
2. Information We Collect
2.1 Information You Provide
- Identity Data: Full name, date of birth, gender, national ID/passport number
- Contact Data: Email address, phone number, physical address
- Health Data: Medical conditions, allergies, disabilities relevant to swimming
- Financial Data: M-PESA phone numbers, payment transaction records
- Parent/Guardian Data: For minors, we collect parent/guardian contact and identification information
- Emergency Contacts: Names and phone numbers of emergency contacts
2.2 Information We Collect Automatically
- Technical Data: IP address, browser type, device information when using our website
- Usage Data: Pages visited, time spent, interactions with our platform
- Attendance Data: Check-in/check-out times, session attendance records
2.3 Media and Images
- Photographs taken during training sessions and events
- Video recordings of swimming activities and competitions
- Audio recordings (where applicable)
3. Children's Privacy (Special Provisions)
We take the privacy of children very seriously. SwimTech Academy provides services to minors (persons under 18 years) and we have specific protections in place:
3.1 Parental Consent
- We only collect personal data of children with verified parental or guardian consent.
- Registration of minors must be completed by a parent or legal guardian.
- Parents can review, modify, or request deletion of their child's data at any time.
3.2 Data Minimization for Children
- We collect only the minimum data necessary for program participation.
- Health data is collected only when essential for safety.
- We do not share children's data with third parties except as necessary for service delivery.
3.3 Children's Media
- Photos and videos of children are captured with parental consent.
- Parents may opt out of public-facing media use for their children.
- Children's images are stored securely and access is restricted.
- We never publish children's personal details alongside photos without explicit consent.
4. How We Use Your Information
We process your personal data for the following purposes:
| Purpose | Legal Basis |
|---|---|
| Program registration and enrollment | Contract performance |
| Processing payments (M-PESA, card) | Contract performance |
| Health and safety management | Vital interests / Legal obligation |
| Emergency contact purposes | Vital interests |
| Progress tracking and reporting | Legitimate interests |
| Marketing and promotional activities | Consent |
| Photo/video capture and publication | Consent |
| Website analytics and improvement | Legitimate interests |
| Legal compliance and record keeping | Legal obligation |
5. Use of Photos, Videos, and Media
By enrolling in our programs (or providing consent for your child), you grant SwimTech Academy permission to capture and use media for the following purposes:
- Social media marketing (Facebook, Instagram, TikTok, YouTube, etc.)
- Website content and promotional materials
- Print advertising and brochures
- Progress documentation and training analysis
- Event coverage and competition highlights
- Press releases and media coverage
Your Rights Regarding Media
- Opt-out: You may request exclusion from public-facing media at any time.
- Review: You may request to see what media featuring you/your child we hold.
- Deletion: You may request removal from our media library (future use only).
- Requests should be sent to privacy@swimtec.co.ke
6. Sharing Your Information
We may share your personal data with:
- Pool Facility Operators: Basic registration data required for facility access
- Payment Processors: M-PESA (Safaricom), card payment gateways for transaction processing
- Insurance Providers: If applicable, for claims processing
- Swimming Federations: Competition registration data for galas and events
- Emergency Services: Medical information in case of emergency
- Legal Authorities: When required by law or court order
We do not sell your personal data to third parties or use it for purposes other than those stated in this policy.
7. International Data Transfers
Your data is primarily stored and processed in Kenya. However, some of our service providers (e.g., cloud hosting, email services) may process data in other countries.
When transferring data internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the Office of the Data Protection Commissioner of Kenya.
8. Data Retention
We retain your personal data for the following periods:
- Active participants: Duration of enrollment plus 3 years
- Financial records: 7 years (as required by Kenyan tax law)
- Health records: 5 years after last attendance
- Children's data: Until the child reaches 21 years, unless earlier deletion requested
- Media files: Indefinitely, unless deletion is requested
- Website analytics: 26 months
9. Your Data Protection Rights
Under the Kenya Data Protection Act and GDPR (where applicable), you have the following rights:
Right to Access
Request a copy of your personal data we hold
Right to Rectification
Request correction of inaccurate data
Right to Erasure
Request deletion of your data ("right to be forgotten")
Right to Restrict Processing
Request limitation of how we use your data
Right to Data Portability
Receive your data in a portable format
Right to Object
Object to processing based on legitimate interests
Right to Withdraw Consent
Withdraw consent at any time for consent-based processing
To exercise any of these rights, please contact us at privacy@swimtec.co.ke. We will respond within 30 days.
10. Data Security
We implement appropriate technical and organizational measures to protect your data:
- Encryption of data in transit and at rest
- Access controls and authentication for staff
- Regular security assessments and updates
- Staff training on data protection
- Secure cloud infrastructure with data centers
- Incident response procedures for data breaches
11. Complaints
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the regulatory authority:
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Significant changes will be communicated via email to registered participants or notice on our website. The "Last updated" date at the top of this policy indicates when it was last revised.
Contact Us
For privacy-related inquiries, please contact:
SwimTech Academy - Data Protection
Email: privacy@swimtec.co.ke
Data Protection Officer: dpo@swimtec.co.ke
Phone: +254 700 000 000
Nairobi, Kenya