Global Privacy Policy

Data Protection Statement & Fair Processing Notice

Version: 1.4
Last Updated: 12 March 2026

This Privacy Policy describes how My Swim School ("Provider", "we", "us") collects, uses, and protects personal information through our Swim School Management SaaS Platform. We acknowledge that our Platform processes the sensitive data of minors; therefore, Privacy by Design and Default are the core pillars of our architecture.

1. Global Compliance Framework
Regulatory Alignment: We operate in strict accordance with POPIA (South Africa), COPPA (USA), and UK GDPR.

1.1 South Africa (POPIA)

We comply with the Protection of Personal Information Act. All production data is provisioned strictly within the Microsoft Azure South Africa North region. Automatic geo-replication is disabled to ensure compliance with Section 57 regarding cross-border transfers.

1.2 USA (COPPA)

We comply with the Children's Online Privacy Protection Act. The Tenant (Swim School) acts as the primary operator and warrants that Verifiable Parental Consent is obtained before creating any profile for a child under 13.

1.3 UK (GDPR & AADC)

We align with the Age Appropriate Design Code. We prioritize the Best Interests of the Child and strictly prohibit the use of children's data for marketing, profiling, or behavioral advertising.
2. Information We Collect

We adhere to the principle of Data Minimization. We only collect data strictly necessary to deliver the Service.

Swimmer Data

Name, Date of Birth (for age-appropriate grouping), and Skill Progress.

Health Data (Special Category)

Critical medical alerts (e.g., asthma, allergies) relevant to swimming safety.

Financial Data

We do not store credit card numbers. Payments are processed via Paystack; we retain only secure transaction tokens for recurring billing.

Parent/Guardian Data

Names, contact details, and emergency contact information.

Staff Payroll Data

Banking details and tax identifiers for automated staff remuneration.

Events & Gala Booking Data

Registration details for school events and galas, used solely to manage attendance and communications.

Chat & Messaging Content

In-app messages between coaches and parents. This is operator data held on behalf of the school; it is not sold or analysed for advertising purposes.

3. Purpose of Processing & Usage

We process data solely for the purpose of providing the Swim School Management Service:

Class Management: Scheduling lessons, tracking attendance, and facilitating 'Stand-in Management' for coach substitutions.

Progress Tracking: Recording skill acquisition and generating digital certificates.

Safety: Providing coaches with medical alerts via the secure Coach Portal.

Communication: Automated operational notifications via Email and WhatsApp.

Data Migration: Processing legacy school data imported via spreadsheets for platform onboarding.

Remuneration: Calculating and processing staff payroll based on attendance and class schedules.

Strict Prohibition on Data Sales: We do not sell, rent, trade, or monetize student or parent data to third parties, advertisers, or data brokers.
4. Data Security & Retention Policy

We utilize enterprise-grade security measures within the Microsoft Azure ecosystem.

Encryption: Data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

Role-Based Access Control (RBAC): Coaches are granted "Least Privilege" access. They can only view data for students currently in their assigned classes; they cannot view the full school database.

Retention: Data is retained only for the duration of the Tenant's active subscription or as required by tax laws. Upon contract termination, data is deleted or anonymized in accordance with our Data Retention Policy.

5. Your Rights (Data Subject Requests)

While My Swim School acts as the Data Processor and your Swim School is the Data Controller, we support the following rights:

Right to Access

You may request a full copy of all personal data held about you or your child.

Right to Rectification

You may correct inaccurate or incomplete data directly via the Parent Portal.

Right to Erasure

"Right to be Forgotten." You may request deletion of your account, subject to legal retention obligations.
Contact the Data Protection Officer (DPO)

For privacy inquiries or to lodge a complaint.

Email: privacy@myswimschool.co.za

Address: 321 Furrow Road, Equestria, Pretoria, 0184

Terms & Conditions

|

Refund & Cancellation Policy

© 2026 MySwimSchool. All rights reserved.

Connection Lost

Attempting to reconnect to My Swim School...

Reconnection Failed

We couldn't reconnect to the server. Please check your internet connection.

Session Expired

The server was updated or your session expired.