Swimming pools: destroying member data
A swimming pool processes far more data than a list of members. There is lesson data from swimming lessons, sometimes with children's medical particulars, there are memberships and payment data, there is CCTV footage and access systems, and there is a personnel administration with certificates of conduct. Each part has its own retention period and its own sensitivity. This guide shows, by part, what you keep, when it may go and how to destroy it confidentially.
The quick answer: member data you keep as long as the membership runs and then clear out, the payment administration falls under the tax seven years and CCTV footage you keep briefly. Lesson data with medical particulars should be kept as briefly as possible. What may go disappears confidentially and with a certificate.
Why a swimming pool must be extra careful
A swimming pool is a public place where many people come, from young children in the teaching pool to older visitors doing lengths. The organisation therefore processes data of vulnerable groups and sometimes health information. That calls for a firm distinction between what you need and what you merely keep because it once came in.
So treat the data per type. A membership has a different status than a medical note attached to a swimming lesson or a CCTV image of the entrance. If you make that distinction, you keep exactly what is needed and clear out the rest on time. That is the heart of the GDPR, and it also limits the risk in a data breach.
Retention periods by part
The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the end of the membership or the lesson track.
| Part | Starting point | Period |
|---|---|---|
| Payment and invoicing administration | Tax retention obligation | 7 years |
| Member and subscriber data | Until end of membership | purpose-bound, then clear out |
| Swimming-lesson data | Until the certificate track ends | as briefly as possible |
| Child's medical particulars | Sensitive, storage limitation | only during the lessons |
| CCTV footage | Security and safety | guideline max. 4 weeks |
| Personnel and conduct data | Own periods | see personnel file |
Use this as a guideline, not a substitute for your own policy. The general periods are set out clearly in the GDPR retention periods cheatsheet, and the personnel side in the personnel file and the GDPR.
Swimming lessons: children's medical particulars
For swimming lessons you sometimes record that a child has epilepsy, an allergy, a hearing aid or another particular the instructor must know for safety. That is health data and therefore special-category personal data, which needs extra protection. You process it on the ground of the child's safety, not because it is handy to keep.
Keep that information recognisably separate from the ordinary lesson administration, give only the instructors involved access, and clear it out once the child has completed the certificate track or stops. An old enrolment card with medical notes does not belong in the paper bin, but in the confidential volume. That way you avoid sensitive information about a child lingering for years without a purpose.
Memberships, payment data and access systems
Member data and memberships belong together. As long as the membership runs you need the name, contact details and payment data. If someone cancels, you clear out the contact details once the last direct debit and any complaint have been settled. The invoicing and payment administration falls under the seven-year tax retention obligation and is therefore kept longer, but separately from the rest.
Many pools work with cards, wristbands or an access system that records who enters when. That logging is personal data. Keep the access logs briefly and for a clear purpose, and clear out old card files and exports confidentially. An old member list on a phased-out computer or USB stick belongs there too.
CCTV footage and camera surveillance
Camera surveillance at the entrance, the till or the pool basin serves safety, but the footage is personal data. The guideline is to keep footage briefly, as a starting point at most four weeks, after which the system automatically overwrites it. Only in a concrete incident do you keep the relevant footage longer, and then with a reason. How to set that up you read in CCTV footage: retention period and destruction.
How to handle it in 6 steps
- Split the data into members, lessons, payment administration, CCTV and personnel.
- Treat medical particulars separately and clear them out after the lesson track.
- Clear out member data once a membership has been settled.
- Keep the payment administration for seven years, separate from the rest.
- Keep CCTV footage briefly and overwrite it automatically.
- Have it destroyed confidentially with a certificate and record it in your register.
Destroy confidentially with a certificate
Member, lesson and personnel data is destroyed confidentially, because it contains identity, payment and sometimes health data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old reception computer, a backup with member data or a read-out camera recorder belongs with it too.
Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof towards the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; it works by appointment through collection.
Member and lesson data to be destroyed?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Request a quoteCommon mistakes
- Keeping medical notes with the lesson material. Those belong separate and go after the lesson track.
- Keeping member data forever. After cancellation and settlement the purpose lapses.
- Keeping CCTV footage too long. Without an incident the retention period should be short.
- Throwing away unshredded. A member list on the street is a reportable data breach.
- Keeping no proof. Without a certificate you cannot demonstrate the destruction.
Frequently asked questions
How long may a swimming pool keep member data?
As long as the membership runs you keep the member data. After cancellation you clear out the contact details once the settlement is complete. The payment and invoicing administration falls under the seven-year tax retention obligation.
May I keep children's medical particulars from swimming lessons?
Only while the child takes lessons and only what is needed for safety. Health data is special-category personal data. Keep it separate, use it solely for the lesson and clear it out after the certificate track is complete.
How long do I keep the pool's CCTV footage?
You keep CCTV footage briefly, as a guideline at most four weeks, unless a concrete incident justifies keeping it longer. After that the footage is automatically overwritten or destroyed.
How do I destroy member and lesson data in line with the GDPR?
Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.
Conclusion
A swimming pool works with member, lesson, payment and sometimes health data, plus CCTV footage and a personnel administration. Keep the payment administration seven years, clear out member data after settlement and keep CCTV footage briefly. Children's medical particulars you treat separately and they go after the lesson track. What may go you have destroyed confidentially with a certificate as proof. That way you protect precisely the most vulnerable visitors to your pool.
Read also: gyms: destroying member data, sports clubs: member administration and GDPR destruction, riding stables: destroying customer data, animal shelters: destroying owner data and marinas: destroying berth-holder data.
Have member and lesson data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.