Skip to content
Pro Swim Academy Kenya
Pro Swim Academy Kenya
Back to Website
Data Protection
Version 2026-06-08
Effective 2026-06-08

Privacy Policy

How PSAK handles personal data for inquiries, membership, children, schools, bookings, attendance, payments, coach notes, reports, communications, and portal security.

Privacy Policy

Effective date: 2026-06-08

This Privacy Policy explains how Pro Swim Academy Kenya ("PSAK", "we", "us", or "our") collects, uses, stores, shares, and protects personal data when you use our website, submit forms, contact us, register for programs, use our portal, attend lessons, participate in school programs, or communicate with us.

PSAK is located at Kwaheri Road, off Northern Bypass Road, Nairobi, Kenya. You may contact us about privacy at proswimacademykenya@gmail.com or +254 112 964497.

1. Legal framework

PSAK aims to process personal data in line with the Constitution of Kenya, the Data Protection Act, 2019, the Data Protection (General) Regulations, 2021, and other applicable Kenyan laws. Where another law requires or permits processing, PSAK may process data for that lawful purpose.

2. Personal data we collect

Depending on your relationship with PSAK, we may collect:

  • Identity and contact details: names, email addresses, phone numbers, role, parent or guardian names, school contacts, branch preference, residence, and emergency or administrative contact details.
  • Swimmer details: age, gender, program, audience type, level, goals, school, package, class type, coach, branch, bookings, attendance, cancellations, make-ups, progress notes, and reports.
  • Child information: child name, age, gender, parent or guardian details, attendance, program details, health declarations, progress notes, and safety-related information.
  • Health and safety information: health declarations, medical or behavioural notes, allergies, injuries, disabilities, medication or fitness information voluntarily provided or needed for safety.
  • Payment and billing records: payment method, amount, date, reference, status, receipts, invoices, package allocation, refund or transfer records, school billing records, and audit records.
  • Portal and account data: email, encrypted or hashed credentials, role, branch access, profile data, login/session cookies, password reset requests, policy acceptance records, and security logs.
  • Inquiry and website data: contact form details, school inquiry details, membership registration details, source page, referrer, IP address, user agent, anti-spam fields, WhatsApp click metadata, and messages submitted to us.
  • Staff and coach records: coach or staff profile details, branch assignment, phone, account data, attendance or coaching records, warnings, suspensions, and audit logs where applicable.
  • Documents and communications: proposals, contracts, notices, school reports, gala documents, receipts, emails, WhatsApp communications, portal notices, and front-office records.

3. How we collect data

We collect data directly from you, your parent or guardian, an authorised school representative, PSAK staff, coaches, website forms, portal activity, payment and attendance records, WhatsApp or phone communications, and documents created during service delivery.

For children, we collect personal data through a parent, guardian, authorised school, or another person with appropriate authority.

4. Why we use personal data

We use personal data to:

  • respond to inquiries and registration requests;
  • assess program suitability, safety, and scheduling;
  • create and manage accounts, bookings, packages, classes, coaches, attendance, make-ups, and cancellations;
  • deliver lessons, school programs, progress reporting, receipts, invoices, contracts, notices, and administrative support;
  • communicate about schedules, payments, safety, closures, policy updates, password resets, and service matters;
  • process payments, verify receipts, allocate payments, manage refunds or transfers, and keep accounting records;
  • maintain safeguarding, health, safety, security, audit, and operational records;
  • prevent spam, fraud, misuse, unauthorised access, and unsafe conduct;
  • comply with laws, lawful requests, tax, accounting, data protection, safety, and dispute-resolution obligations;
  • improve services, scheduling, reports, and customer support.

5. Lawful bases

Depending on the purpose, PSAK may rely on consent, performance of a contract or steps before a contract, compliance with legal obligations, protection of vital interests, legitimate interests, and establishment or defence of legal claims.

Where consent is used, you may withdraw consent, but withdrawal does not affect processing already carried out lawfully or processing that PSAK must continue for contract, legal, safety, accounting, or legitimate operational reasons.

6. Children and guardian consent

PSAK processes children's personal data only where a parent, guardian, authorised school, or other legally permitted person provides the information and consent or where another lawful basis applies. Child data is used for registration, safety, instruction, attendance, progress, school programs, reporting, billing, and required records.

Parents and guardians may exercise applicable data rights on behalf of a child. PSAK may ask for proof of identity or authority before acting on a request involving a child.

7. Health and sensitive data

Health, disability, allergy, injury, behavioural, or safety information is used only where relevant to participation, safety, reasonable support, emergency response, record keeping, or legal obligations. Please do not provide unnecessary health details, but do provide information that may affect safe participation.

8. Sharing personal data

We may share personal data with:

  • PSAK administrators, front-office staff, coaches, and authorised personnel who need it to provide services;
  • parents, guardians, adult swimmers, and authorised school contacts connected to the relevant swimmer or program;
  • hosting, database, email, storage, security, rate-limiting, and software providers that support the website, portal, and communications;
  • payment, banking, M-Pesa, accounting, audit, tax, and professional advisers where needed;
  • WhatsApp or phone providers when you choose to contact us through those services;
  • regulators, courts, law enforcement, insurers, emergency responders, or public authorities where required or permitted by law;
  • a successor organisation if PSAK undergoes a lawful restructuring, transfer, or business continuity arrangement.

We do not sell personal data.

9. International transfers

Some technology, hosting, email, communications, or software providers may process or store data outside Kenya. Where personal data is transferred outside Kenya, PSAK will seek to rely on appropriate safeguards, contractual protections, necessity, consent, or another lawful basis recognised under applicable data protection law.

10. Retention

PSAK keeps personal data only for as long as reasonably necessary for the purpose collected, including service delivery, safety, child protection, school reporting, payment, accounting, tax, audit, dispute resolution, legal compliance, and legitimate operational records.

Typical retention periods may vary by record type. Inquiries that do not proceed may be kept for a shorter period. Payment, contract, attendance, safeguarding, safety, account, and legal records may be kept longer where necessary. When information is no longer needed, PSAK will delete, anonymise, archive, or restrict it where reasonably practicable.

11. Security

PSAK uses administrative, technical, and organisational measures designed to protect personal data, including role-based access, password hashing, encrypted credential storage where implemented, HTTP-only authentication cookies, validation, audit logs, rate limiting, and access controls. No system is perfectly secure, so users must also protect their login details and notify PSAK promptly of suspected unauthorised access.

12. Your rights

Subject to applicable law, you may have rights to be informed, access your personal data, object to processing, request correction of false or misleading data, request deletion of false or misleading data, request restriction, withdraw consent where consent is the lawful basis, and request data portability where applicable.

To exercise rights, contact proswimacademykenya@gmail.com. PSAK may ask for proof of identity, account ownership, parental authority, guardianship, or school authorisation before acting on a request.

You may also contact or complain to the Office of the Data Protection Commissioner in Kenya.

13. Marketing and service messages

PSAK may send service messages about bookings, payments, safety, closures, policies, accounts, and programs. Marketing messages will be sent where permitted by law or with appropriate consent, and you may ask us to stop non-essential marketing communications.

14. Data breaches

If PSAK becomes aware of a personal data breach that creates a real risk of harm, PSAK will take appropriate steps in line with applicable law, including notifying the Office of the Data Protection Commissioner and affected data subjects where required.

15. Updates

PSAK may update this Privacy Policy from time to time. The latest version will be published on the website or portal with an effective date.