1. HOW WE COLLECT PERSONAL INFORMATION
1.1. We regard “personal data” as information about you from which we can identify you (either on its own, or by compiling it with other information).
1.2. We collect this information from various sources to help us manage the business and to keep in contact with you. Typically, these sources are: ‘sign-up’ forms from Internet websites, telephone enquiries, in-person enquiries and email requests for information. Additional information may be gathered and recorded once a client attends a class.
1.3. We will ask you to agree to use of this data by giving us your consent (i.e. to ‘opt-in’). We require that you opt-in to the use of your personal data by ticking a ‘Consent Given’ box. By doing this, you consent to us collecting and processing the data that you have supplied to us, and to us using it to contact you.
2. WHAT TYPE OF INFORMATION WE COLLECT AND HOLD
2.1. We hold personal contact information such as name, address, email address, and contact telephone number(s). We may hold contact details for relatives and emergency contact(s). Additionally, we hold some personal data that assists us in providing an efficient clinical service (such as date of birth and relevant health/medical information). We hold sufficient financial information to allow us to take payment for our services, either directly or through a Third Party.
2.2. We also hold information on previous clients.
2.3. All data records are held in a secure manner and for a time period that is considered appropriate for our business needs or in accordance with other conditions set out in other obligations i.e. Insurance. Typically this will be for a minimum of 7 years unless you specifically request otherwise – see the section on ‘Your Rights’.
3. HOW WE USE YOUR PERSONAL DATA
3.1. We only use your data for the legitimate interests and running of the business. Typically, we use your data to enable us to contact and communicate with you, as our current or potential clients. This may be for booking or re-arranging classes/Instructors, getting in touch with you in an emergency, or for the purposes of promoting and marketing our services and/or offers. We maintain your data on our internal databases to allow us to manage the on-going business and provide an efficient service to you.
3.2. We control the use of limited financial information for the recurring processing of payments.
3.3. We may track your class activity patterns so that we can improve the level of service that you receive from us.
3.4. We do not share, sell or exchange your information with any external parties for the purposes of marketing or profiling.
4. WHO HAS ACCESS TO INFORMATION
4.1. The employees of the company and self-employed contractors (for example, the Instructors) have access to your personal information in order to carry out their day-to-day duties and to maintain the needs of the business.
4.2. Information may be held by, or we may disclose to, our third party service providers for the purposes of providing services to us, or directly to you, on our behalf (for example, financial data to allow them to process payments in a secure manner). Such third parties may include cloud service providers (such as email and file management); when we use them, we only disclose limited personal information that is necessary for them to provide their service in accordance with our specific instructions.
4.3. Third Party Internet providers may collect and retain basic contact details to notify us of potential clients who have expressed an interest in our services. They are governed by the legal requirement for clients to ‘opt-in’.
5. HOW IS YOUR PERSONAL PRIVACY PROTECTED
5.1. We take all reasonable precautions to maintain your personal data in a secure environment. This includes, but is not limited to: the use of password protection for access to applications, computer folders/files and mobile phones; the secure storage of paper records; and the archiving of email correspondence.
5.2. We may keep your data for a limited, reasonable period, as appropriate for the needs of the business. The only exceptions to this are where the law requires us to hold personal information for a specified period or to delete it sooner – see the section on ‘Your Rights’.
5.3. We ensure, on an on-going basis, that all employees and contracted staff are made aware of their responsibilities in relation to the use, protection and breaches of personal information.
5.4. Whilst we will strive to protect all of your personal information that we hold, we cannot guarantee the security of any information that you transmit to us over the Internet, and so you do so at your own risk.
6. YOUR RIGHTS
Your ‘data subject’ rights: Legislation deems us to be the ‘controllers’ of the personal data that we hold. Therefore, we are responsible for how it is used by us and our third parties and how we inform you of that. You have a number of rights in relation to your personal information under data protection law. If we receive a request from you to disclose the personal data that we hold on you, we will respond to you within 30 days, at no charge to you. Our contact details, and how to contact us, can be found at the end of this policy statement.
6.1. Accessing your personal information: You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address listed in our contact details. We may not provide you with a copy of your personal information if it concerns other individuals, or we have another lawful reason to withhold that information.
6.2. Correcting and updating your personal information: The accuracy of your information is important to us. If you change any of your personal details, or have reason to believe or discover that your information is inaccurate or out of date, please contact us so that we can correct it.
6.3. Withdrawing your consent: We rely on your consent as the legal basis for processing your personal data and to receiving direct marketing. You may withdraw your consent at any time by contacting us. If you would like to withdraw consent to receiving direct marketing you can also do so by using our unsubscribe tool. If you withdraw your consent, our use of your personal data before you withdraw is still lawful.
6.4. Objecting to our use of your personal information and automated decisions made about you: Where we rely on our legitimate business interests as the legal basis for processing your personal information, you may object to us using your personal information for these purposes by contacting us. We will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise, we will provide you with our justification as to why we need to continue using your data. You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request; if you would like to do so, please use our unsubscribe tool.
6.5. Erasing your personal information: You can ask us to remove your personal information that we hold from our internal systems at any time by emailing or writing to us – see our contact details. We will make all reasonable efforts to comply with your request in a reasonable timeframe unless there is a reason that the law prohibits us from doing this.
6.6. Restricting your personal information: You may ask us to restrict the processing of your personal information where you believe it is unlawful for us to do so, or where you have objected to its use and our investigation is pending. In these circumstances we may only process your personal information where we have your consent or we are legally permitted to do so – for example, for storage purposes, to protect the rights of another individual or in connection with legal proceedings.
6.7. Transferring your personal information in a structured data file: Where we rely on your consent as the legal basis for processing your personal information, you may ask us to provide you with a copy of that information in a structured data file format. We will provide this to you electronically in a commonly used machine-readable form, such as a CSV file. You can ask us to send your personal information directly to another service provider if this is technically possible. We may not provide you with a copy of your personal data if it concerns other individuals or if we have another lawful reason to withhold that information.
6.8. Data Breaches: In the unlikely event of a breach of your personal data, we will notify you of this within 72 hours of our discovery. If we consider this to be a serious breach we will also notify the Regulator. We will identify and put in place measures to prevent a similar occurrence in a timely manner and ensure appropriate and suitable protection of personal data is incorporated in future design of our systems and processes.
6.9. Complaining to the UK data protection regulator: You have the right to complain to the Information Commissioner's Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.
7.1. We will ask you to consent to email/telephone/SMS correspondence if you register with us through our website or if you complete a Health Screening form prior to attending a class.
7.2. We may also ask you to provide us with your preferred additional methods of receiving marketing information from us (for example, by post). From time to time we may ask you to refresh your marketing preferences by confirming that you consent to continue to receive information from us.
8. HOW TO CONTACT US
8.1. If you have any questions, suggestions or complaints about the processing of your personal information, would like to see a copy of the information we hold for you, or wish to contact us for any general matters, you can do so by using any of the contact details below.
8.2. The main office and studios are located at the following address, which can also be used for written correspondence:
Ormskirk Pilates and Wellbeing Ltd
Suite 3 Derby Chambers
2A Derby Street
8.3. We can be contacted on the following telephone number: 01695 351 071.
8.4. We can be contacted at the following email address: firstname.lastname@example.org
9. LAST UPDATE OF THIS POLICY
9.2. We may review this policy at any time and changes will be notified to you by us posting an updated version on our website and/or by contacting you by email.
9.3. We recommend that you regularly check for changes and review this policy when you visit our website. If you do not agree with any aspect of the updated policy you should promptly notify us and cease using our services.