As you may be aware there is new Data Protection Legislation coming in to force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR), is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act.
As a client of The Fitness Studios & Pole Perfect Fitness & Free Your Body Therapy, we are updating you today to advise you how we will be handling your data to comply with the new General Data Protection Regulation (GDPR).
We have created this privacy statement for in order to demonstrate our firm and continuing commitment to the privacy of personal information provided by those visiting and interacting with. We hold the privacy of your personal information in the highest regard.
We recognise the importance of protecting your privacy and our policy is designed to assist you in understanding how we collect, use and safeguard the personal information you provide to us and to assist you in making informed decisions. This policy will be continuously assessed against new technologies, business practices and our customers’ needs.
The name and contact details of our Organisation(s):
- The Fitness Studios / Pole Perfect Fitness UK / Free Your Body Therapy
- 01553 277520
- email@example.com / firstname.lastname@example.org / email@example.com
Who is the Data Protection Officer (DPO)?
- Jane Cole
What data do we hold / collect?
- Your Name
- Health Conditions
- Fitness Lifestyle / Activities
- Email / Telephone / Contact details
- Payment Details
What does giving Consent mean?
- Consent means that the individual (You) have given clear consent for us the business to process your personal data for a specific purpose.
How did you get this data?
- ‘Explicit Consent’: You freely and knowingly provided your personal data when you booked a class / course / session or service from the organisations listed above therefore you have given ‘Explicit Consent’ for us to hold your data for purposes of providing said service.
- ‘Informed Consent’: In addition when booking a class / course / session or service from the organisations listed above you will have been asked to give ‘Informed Consent’ for us to process your data for purposes of marketing.
- You can at any point ‘Opt Out’ of receiving our marketing emails. After unsubscribing we will discontinue sending the particular messages as soon as technically feasible.
Surveys & Contests:
- From time-to-time our organisations may request information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose this information.
- Information requested may include contact information (Such as name and shipping address), and demographic information (such as post code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of the websites.
What is the purpose of processing my Data?
- We will only use your data for the purpose for which it was collected.
- Broadly speaking, we use personal information for purposes of administering our business activities, providing the products and services you requested, to process your payment, to monitor the use of the service, our marketing and promotional efforts and improve our content and service offerings, and customize our site’s content, layout, services and for other lawful purposes. These uses improve our services and better tailor it to meet your needs.
How long do you keep my information? / When does the ‘Right to be Forgotten’ apply?
- The ‘Right to be Forgotten’ applies when the personal data is no longer necessary for the purpose, which we originally collected or processed it for.
- However please note it is a condition of our Insurance Policy and generally accepted UK wide to take and retain client records. These records shall be kept for at least 7 years following the last occasion on which treatment / session was given. In the case of treatment / session involving minors, it is advisable that records should be kept or at least 7 years after they reach the age of majority (18). After which your information will be securely erased as requested.
How do you store my information?
- Your personal information is kept (if on paper) via a locked fireproof cabinet.
- If your personal information is kept online it will be securely via those listed below.
What systems that are online is my information kept and therefore have their own GDPR policies?
Who has access to my information?
- Only those who need to see your information to fulfil the business requirements will see your information.
- This will be Jane & Terry, the instructors of The Fitness Studios & Pole Perfect Fitness.
- Personally identifiable information or business information will not be shared with parties except as required by law.
What about legally compelled ‘Disclosure of Information’?
- We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights. We may also disclose account information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our Terms of Service or to protect the safety of our users and the Public.
Can I see what information is held about me?
- Individuals have the right to access their personal data and supplementary information known as a ‘Subject Access Request’ or SAR. The fee of £30 per request is based on the administrative cost of providing the information. Information will be provided without delay and at the latest within one month of receipt.
- However please note you do have access to all of the information we hold, which you have provided via your booking account, the above administrative fee would apply if you wish to have physical copies of such information.
Do you have CCTV and what’s your policy:
- Yes we have CCTV which covers the public areas of our Businesses.
- All images are recorded 24 hours a day, 7 days a week for the purpose of public safety and crime prevention.
- Individuals have the right to request CCTV footage of themselves, this must be in writing to the DPO as per the Data Protection Act. The fee of £10 per request is based on the administrative cost of providing the information. Information will be provided without delay and at the latest within one month of receipt.
- Please note there are some circumstances that we we can legally refuse such a claim, such as other people can be seen in the footage or potential to put a criminal investigation at risk etc.
Sharing & Selling Information:
- We do not share, sell, lend or lease any of the information that uniquely identify a client (Such as email addresses or personal details) with anyone except to the extent it is necessary to process transactions or provide services that you have requested.
Can I have my information updated?
- Most certainly yes, we request that your information is as up to date as possible in order for us to provide the best services possible.
- You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
- You can make a request for rectification in writing.
- We have one calendar month to respond to a request from date of receipt, although for reasons stated above we will endeavour to meet such request as soon as physically possible.
Do you review the GDPR and Privacy Information?
- We will post any changes here, so be sure to check back periodically.
Acquisition or changes in ownership:
- In the event that the web site (Or a substantial portion of its assets) is acquired, your information would be considered part of those assets, and may be part of those assets that are transferred.
Our commitment to data security:
- Please note that your information will be stored and processed on our computers in the United Kingdom.
- The laws on holding personal data in the United Kingdom may be less stringent than the laws of your Country of residence or citizenship.
- To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
- When you visit the websites listed below, you will provide us with two types of information: personal information you knowingly choose to disclose that is collected on an individual basis and websites use information collected on an aggregate basis as you and others browse the websites.
Website Use Information:
- Similar to other commercial websites, our website utilizes a standard technology called “cookies” (See explanation below) and web server log files to collect information about how our website is used.
- Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our websites, the websites visited just before and just after ours listed above.
What are ‘Cookies’?
- A cookie is a very small text document, which often includes an anonymous unique identifier.
- When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies.
- Each website can send its own cookie to your browser if your browser’s preferences allow it, but (To protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Browsers are usually set to accept cookies.
- A cookie cannot retrieve any other data from your hard drive or pass on computer viruses.
How do we use information we collect from Cookies?
- Cookies, in conjunction with our Web server’s log files, allow us to calculate the aggregate number of people visiting our websites and which parts of the site are most popular.
- This helps us gather feedback to constantly improve our websites and better serve our clients.
- Cookies do not allow us to gather any personal information about you and we do not intentionally store any personal information that your browser provided to us in your cookies.
- IP addresses are used by your computer every time you are connected to the Internet.
- Your IP address is a number that is used by computers on the network to identify your computer.
- IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (Such as the Web pages you request) can be sent to you.
What about other websites linked to our websites?
- We are not responsible for the practices employed by websites linked to or from our websites or the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our websites.
Nothing in these Policies shall affect your statutory rights.
I have read, understood and accept the Privacy Notice outlined above.
By booking your session / class you are agreeing to the all of our Policies, you do so every single time you book.