NeoSwim Ltd
Privacy Policy
Last updated: 16 May 2026
1. Introduction
NeoSwim Ltd (“NeoSwim”, “we”, “us” or “our”) provides qualified swimming instructors who deliver lessons at our clients’ private home swimming pools across the United Kingdom. Bookings are taken through our online booking system at www.neo-swim.co.uk (the “Website”).
This Privacy Policy explains how we collect, use, share and protect personal data about our clients, prospective clients, lesson participants (including children) and Website visitors. It also sets out the rights you have in relation to the personal data we hold about you.
We are committed to protecting your personal data and handling it in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003 (PECR).
2. Who we are and how to contact us
NeoSwim Ltd is the “controller” of the personal data described in this Policy. This means we are responsible for deciding how and why your personal data is processed.
Company name: NeoSwim Ltd
Company number: 14430537 (registered in England and Wales)
Registered office: 70 The Avenue, Gosport, Hampshire, PO12 2JU
Email: contact@neo-swim.co.uk
Website: www.neo-swim.co.uk
We are registered with, and pay the annual data protection fee to, the UK Information Commissioner’s Office (ICO).
We have not appointed a statutory Data Protection Officer because we are not required to do so. The director responsible for data protection matters can be contacted using the details above.
3. The personal data we collect
We collect personal data when you make a booking enquiry, register an account, book or attend lessons, communicate with us, or visit our Website. The categories of personal data we collect are set out below.
3.1 Account holder and client details
Full name and title.
Postal address of the property where lessons will take place (and billing address, if different).
Email address and telephone number(s).
Account login details (username and a hashed password).
Booking history and correspondence with us.
3.2 Lesson participant details (including children)
Full name of each person taking lessons.
Date of birth or age (so that lessons are matched to the participant’s ability and so that we know when the participant is a child).
Swimming ability, prior experience and lesson goals.
Name and contact details of a parent or legal guardian where the participant is under 18.
3.3 Health and medical information (special category data)
Where it is relevant to swimming lessons and the safety of the participant and instructor, we collect information about the participant’s health, including:
Medical conditions, disabilities or injuries that may affect participation in lessons (for example asthma, epilepsy, heart conditions, ear conditions, allergies).
Medication that the participant uses during lessons or that the instructor may need to be aware of in an emergency.
Emergency contact details.
Any medical or liability statements, declarations or consents you provide as part of booking.
Information about health is “special category” personal data under the UK GDPR and we apply additional safeguards to it (see Section 11).
3.4 Home pool risk assessment information
Pool dimensions, depths, location (indoor / outdoor) and access arrangements.
Pool surrounds, surfaces, fencing, covers and safety equipment.
Water treatment / chemicals used and whether the pool is heated.
Photographs of the pool and pool area where you choose to provide them.
Hazards or other matters relevant to the safe delivery of lessons.
3.5 Payment information
When you pay for lessons, payments are mostly completed via bank transfer. When paying though an online system payment details (such as card details) are collected and processed directly by our third-party payment provider. We receive a record of the transaction (amount, date, reference, last four digits of the card), but we do not store full payment card details on our systems.
3.6 Website and technical data
IP address, device type, browser type and version, and operating system.
Pages visited, time spent on the Website and referring URLs.
Cookie identifiers and similar technologies — see Section 9.
3.7 Information from other sources
Most of the personal data we hold is provided directly by you. Occasionally we may receive personal data from a parent, guardian, family member or other person making a booking on the participant’s behalf, or from a referrer who has recommended our services.
4. Why we use your personal data and our lawful basis
Under the UK GDPR we must have a lawful basis for each purpose for which we use your personal data. The table below summarises the main purposes for which we process personal data and the lawful basis we rely on for each.
Purpose: Setting up and administering your account, taking and managing bookings, communicating with you about lessons, and providing customer support.
Lawful basis: Performance of a contract with you (or steps prior to entering into a contract).
Purpose: Sending essential service messages such as booking confirmations, schedule changes, cancellations, instructor allocations and invoices.
Lawful basis: Performance of a contract with you.
Purpose: Carrying out home pool risk assessments and adapting lessons accordingly.
Lawful basis: Performance of a contract with you, and our legitimate interests in ensuring the health and safety of clients, lesson participants and instructors.
Purpose: Using medical and health information to deliver lessons safely and to respond to incidents or emergencies.
Lawful basis: Explicit consent (which you provide when you submit medical information at booking). For special category data we additionally rely on Article 9(2)(a) UK GDPR (explicit consent), and where relevant Article 9(2)(c) (vital interests) in an emergency.
Purpose: Keeping medical statements, liability statements and related records for the period set out in Section 7.
Lawful basis: Compliance with a legal obligation and our legitimate interests in being able to defend and respond to claims and complaints.
Purpose: Taking payment and keeping accounting and tax records.
Lawful basis: Performance of a contract with you and compliance with our legal obligations (including tax law).
Purpose: Running, monitoring and improving the Website (including basic analytics).
Lawful basis: Our legitimate interests in running and improving our business; for non-essential cookies, your consent (see Section 9).
Purpose: Responding to enquiries and complaints, and dealing with disputes or legal claims.
Lawful basis: Our legitimate interests in operating our business and establishing, exercising or defending legal claims; compliance with legal obligations.
Where we rely on consent, you can withdraw it at any time by contacting us at contact@neo-swim.co.uk. Withdrawing consent for the processing of medical information may mean that we are unable to continue to provide lessons safely.
We do not use your personal data for automated decision-making producing legal or similarly significant effects, and we do not use it for profiling.
5. Children
A significant proportion of our lessons are delivered to children under 18. Where the participant is a child:
The booking, account and consents (including consent to the processing of medical information) must be made by a parent or person with parental responsibility.
We will collect only the personal data we need to deliver lessons safely and effectively.
We do not market to children and we do not knowingly collect personal data directly from a child without parental involvement.
6. Who we share your personal data with
We do not sell your personal data. We share it only in the limited circumstances set out below.
6.1 Our swimming instructors
Our instructors are engaged as self-employed contractors. To deliver your lessons, the instructor assigned to you will be given the personal data they need, which typically includes the participant’s name and age, lesson address and access arrangements, swimming ability and goals, relevant medical information and emergency contact details, and the home pool risk assessment.
Each instructor is contractually required to keep your personal data confidential, to use it only for the purpose of delivering your lessons, and to comply with the UK GDPR. Where an instructor processes your personal data on our behalf they do so as our data processor.
6.2 Our service providers (processors)
We use carefully selected service providers who process personal data on our behalf, including:
The provider of our online booking and client database platform, which hosts client records, booking information, risk assessments and medical statements on our behalf.
Our payment processor, which handles card payments.
IT, hosting, email and back-up service providers.
Analytics providers that help us understand how the Website is used.
These providers are bound by written contracts that meet the requirements of Article 28 UK GDPR and that require them to protect your personal data and only use it on our instructions.
6.3 Other recipients
We may also share personal data with:
Our professional advisers (such as accountants, lawyers and insurers) where reasonably necessary.
Emergency services and medical professionals if there is a medical incident or emergency at a lesson.
Regulators, law enforcement agencies, courts and other public bodies where we are required to do so by law.
Any prospective or actual buyer of our business or assets, in which case personal data would be transferred subject to confidentiality and the requirements of data protection law.
7. International transfers
We aim to store and process personal data within the United Kingdom or the European Economic Area (EEA). Where any of our service providers process personal data outside the UK/EEA, we ensure that an appropriate safeguard recognised by the UK GDPR is in place — typically the UK’s International Data Transfer Agreement, the International Data Transfer Addendum to the EU Standard Contractual Clauses, or transfers to a country covered by UK adequacy regulations.
You can request further details of the safeguards we use by contacting us at contact@neo-swim.co.uk.
8. How long we keep your personal data
We keep personal data for no longer than is necessary for the purposes for which we collected it, taking into account our legal, tax, accounting and insurance obligations and the period during which legal claims could be brought.
The main retention periods we apply are:
Medical information, medical statements and liability statements: retained for 7 years from the end of the relationship with the client (or, where the participant was a child, from the participant’s 18th birthday if later). This reflects the time limits within which personal injury and related claims may be brought.
Home pool risk assessments and lesson records: retained for 7 years on the same basis.
Account, booking and customer service records: retained for up to 7 years after the end of your relationship with us.
Financial, payment and accounting records: retained for at least 6 years from the end of the relevant financial year, to comply with HMRC requirements.
Website analytics data: retained for up to 26 months.
Marketing preferences and records of consent: retained while the preference is current and for a reasonable period afterwards to evidence our compliance.
When we no longer need personal data, we will securely delete or anonymise it.
9. Cookies and analytics
Our Website uses cookies and similar technologies. Cookies are small text files placed on your device when you visit a website.
We use two types of cookies:
Strictly necessary cookies — these are essential to operate the Website, for example to keep you logged in, secure your session and remember items in your booking. They do not require your consent.
Analytics cookies — these help us understand how visitors interact with the Website (for example which pages are visited and how visitors navigate between them) so that we can improve it. These cookies are only set if you accept them via our cookie banner.
You can accept or reject non-essential cookies via the cookie banner displayed on your first visit, and you can change your preferences at any time through the cookie settings on the Website. You can also block or delete cookies through your browser settings, although doing so may affect how the Website works.
We do not use advertising or social media tracking pixels on the Website.
10. Marketing
We do not use your personal data for marketing. We will not send you marketing emails, marketing text messages or marketing calls, and we will not share your details with any third party for their own marketing purposes.
Any messages we do send (for example booking confirmations, schedule changes, safety notices or responses to your enquiries) are service messages and are necessary for us to perform the contract with you.
11. How we keep your personal data secure
We take the security of personal data seriously. We do not keep physical records: all client, lesson participant and instructor information is held on a secure online database. Our technical and organisational measures include:
Hosting client data with a reputable service provider whose platform applies encryption in transit and at rest.
Restricting access to personal data on a need-to-know basis, including limiting an instructor’s access to the clients allocated to them.
Requiring strong passwords and multi-factor authentication for administrator access where available.
Regular back-ups and access logging.
Confidentiality and data protection obligations in our contracts with instructors and other service providers.
Ongoing review of our security arrangements.
No method of transmission over the internet or storage is completely secure. If we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the ICO and, where required, affected individuals in accordance with the UK GDPR.
12. Your rights
Subject to certain conditions and exceptions in the UK GDPR, you have the following rights in relation to your personal data:
Right to be informed — to be told how we use your personal data, which is the purpose of this Policy.
Right of access — to ask for a copy of the personal data we hold about you.
Right to rectification — to have inaccurate or incomplete personal data corrected.
Right to erasure — to ask us to delete personal data where there is no good reason for us to continue to hold it.
Right to restrict processing — to ask us to pause our use of your personal data in certain circumstances.
Right to data portability — to receive certain personal data you have provided to us in a structured, commonly used and machine-readable format.
Right to object — to object to processing that is based on our legitimate interests.
Right to withdraw consent — where we rely on your consent (including for medical information), you can withdraw it at any time.
Rights related to automated decision-making — we do not carry out automated decision-making producing legal or similarly significant effects.
To exercise any of these rights, please contact us at contact@neo-swim.co.uk. We may need to ask you to verify your identity before we can respond. We will respond within one month and, in the great majority of cases, will not charge a fee.
13. Complaints to the ICO
We hope that you will contact us first if you have any concerns about how we are handling your personal data, so that we can try to put things right. However, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time.
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
14. Third-party links
The Website may contain links to third-party websites. We are not responsible for the privacy practices or content of those websites. We encourage you to read the privacy notices on any third-party websites you visit.
15. Changes to this Privacy Policy
We may update this Privacy Policy from time to time, for example to reflect changes to our services, our use of personal data, or applicable law. The latest version will always be available on the Website and the “Last updated” date at the top will be amended. Where the changes are significant, we will draw them to your attention by email or by a notice on the Website.
16. How to contact us
If you have any questions about this Privacy Policy or about how we handle your personal data, please contact us:
NeoSwim Ltd
70 The Avenue, Gosport, Hampshire, PO12 2JU
Email: contact@neo-swim.co.uk
Website: www.neo-swim.co.uk