Ghodexarthiphrox Slow reset swimming
Privacy

Reference date:

Privacy policy

This policy explains what personal data we process when you use our website, book or attend sessions at Ariel Way, contact us by email or telephone, or interact with optional cookies and marketing tools where you have given consent. It is written to align with the UK GDPR and the Data Protection Act 2018, and to respect principles that also underpin EU GDPR standards for visitors from the European Economic Area.

Data controller

The data controller responsible for the processing described here is Ghodexarthiphrox, operating from Ariel Way, London W12 7GF, United Kingdom. You may contact us for privacy matters using assist@ghodexarthiphrox.world or by telephone at +44 20 3371 2300 during published desk hours.

Scope of this policy

This document applies to personal data processed through our public website, enquiry and contact channels, on-site reception processes, and operational systems used to deliver pool sessions. It does not describe other controllers’ websites that we may link to; always read their privacy notices independently.

We process personal data only for defined purposes, keep it for no longer than necessary, and limit access to trained staff and contracted processors who need the information to support our studio operations.

Categories of personal data

  • Identity and contact details: name, email address, telephone number, postal address elements when you supply them, and similar identifiers needed to respond to you or manage bookings.
  • Communication content: messages submitted through forms, file attachments if we explicitly allow them, and notes taken at reception that relate to scheduling or safety instructions you request.
  • Booking and attendance data: session selections, arrival records where kept, payment references when a payment provider processes card data on their infrastructure, and incident notes where relevant to health and safety obligations.
  • Technical data: IP address, user agent string, timestamps, and diagnostic information created to maintain security and troubleshoot faults.
  • Cookie and preference data: information linked to optional analytics or marketing technologies when you have provided consent, alongside strictly necessary cookies described in the cookies policy.

We do not seek to collect special category data through this website. If you voluntarily include sensitive information in a free-text field, we treat it with additional care and only retain what is proportionate to your request.

Lawful bases for processing

Consent

Where required, such as for non-essential cookies or certain communications, we ask for consent first and log the channel through which it was given where practical.

Contract

When you purchase a service, we process data needed to provide access, confirm payment status, and communicate about the session you booked.

We also rely on legitimate interests to secure our premises, prevent abuse of our systems, improve website stability, and analyse aggregated usage, balancing those interests against your rights. Where legal obligation applies, for example accounting or regulatory reporting, we retain evidence as statute requires.

How we use personal data

  1. To respond to enquiries, allocate lanes fairly, and host sessions in line with our published rules.
  2. To process payments through certified payment partners; we do not store full card numbers on our web server.
  3. To keep records required for health and safety, insurance, and facility management.
  4. To send service messages about bookings; wider marketing messages only where consent or soft opt-in rules permit.
  5. To secure IT systems, monitor for intrusions, and support continuity planning.

Processors and recipients

We share personal data with trusted suppliers that provide hosting, email delivery, payment acquiring, analytics (when consented), and building services where necessary. These parties process data under written terms that require protection and assistance with your rights.

We may disclose information when required by law, court order, or a legitimate request from a competent authority, and we verify the scope of such requests before disclosing more than proportionate content.

Online advertising and measurement

If we run online advertising (including through Google Ads or similar platforms in the United Kingdom), we use data in line with UK GDPR and PECR. Measurement technologies—such as conversion tags or remarketing pixels—are typically activated only when you have consented to the marketing or analytics category via our cookie banner or Cookie Settings, except where a technology is strictly necessary for security or core delivery.

Advertising partners process data under their own terms. For Google services, you can read how Google uses information at policies.google.com/privacy and manage ad personalisation through your Google account and device settings. You can withdraw or adjust consent for optional cookies at any time through our cookie tools or by clearing site data; this may affect how campaigns are measured for your browser.

We aim to keep landing pages consistent with our ads: the service described is paid recreational pool access at the address published on this website. If you believe an ad or destination is inconsistent with these disclosures, contact us using the details below.

Retention periods

Contact form messages may be retained for up to twenty-four months unless a longer period is justified by an unresolved query or dispute. Booking and financial records align with statutory and audit requirements, commonly up to seven years for accounting evidence where applicable. Security logs are rotated frequently and kept longer only for incident investigation.

Marketing lists
Held until you withdraw consent or we end a campaign, then removed or anonymised where possible.
CCTV
If operated on site, covered by signage and a separate retention schedule at reception, not by this web policy alone.

Security measures

We apply access controls, authentication, encryption in transit where HTTPS is deployed, patching routines, and staff training. Processors are assessed for alignment with UK GDPR expectations and contractual clauses that require breach notifications where relevant.

No online method is perfectly secure. If we detect an incident that risks your rights, we evaluate notification duties and act accordingly.

International transfers

If data is processed outside the United Kingdom, we rely on adequacy regulations where available, standard contractual clauses approved by authorities, or other permitted mechanisms, supplemented by technical and organisational measures when needed.

Your rights

Subject to conditions in applicable law, you may request access, rectification, erasure, restriction of processing, data portability, and objection. You may withdraw consent at any time where processing was consent-based, without affecting the lawfulness of processing before withdrawal.

To exercise rights, email us with enough detail for us to verify your identity proportionately. We respond within statutory timeframes and explain any exemptions that apply.

Complaints

You may lodge a complaint with the Information Commissioner’s Office in the United Kingdom. We encourage you to contact us first so we can attempt to resolve concerns quickly.

Updates

We amend this policy when our processing activities change materially. The reference date shown in the hero section reflects the calendar day you viewed the page; substantive edits are summarised here when needed.

Contact

Ghodexarthiphrox, Ariel Way, London W12 7GF, United Kingdom. assist@ghodexarthiphrox.world · +44 20 3371 2300