FITSTEPS WITH AMANDA PRIVACY STATEMENT

PLEASE NOTE THIS WEBSITE IS SECURE.  THERE IS NO SSL CERTIFICATE REQUIRED AS NO DATA IS COLLECTED  ON THIS SITE AS IT IS PURELY FOR INFORMATION PURPOSES ONLY

Data Protection GDPR Policy group exercise instructor

As a self-employed group exercise instructor, I am fully committed to comply with the General Data Protection Regulation (GDPR). The GDPR applies to all organisations and sole traders that process data relating to their employees, as well as to others including customers, contractors and clients. It sets out principles which should be followed by those who process data; it gives new and extended rights to those whose data is being processed.

To this end, I endorse fully and adhere to the six principles of data protection, as set out in the Article 5 of the GDPR.

1.    Data must be processed lawfully, fairly and in a transparent manner in relation to individuals.

2.    Data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

3.    Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

4.    Data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.

5.    Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

6.    Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

These principles must be followed at all times when processing or using personal information. Therefore, through appropriate management and application of processes and controls I will:

 

  • observe the conditions regarding the collection and use of information including the giving of consent
  • meet the legal obligations to specify the purposes for which information is used
  • collect and process appropriate information only to the extent that it is needed to fulfil my operational need
  • ensure the quality of information used
  • ensure that the information is held for no longer than is necessary
  • ensure that the rights of people about whom information is held can be fully exercised under the GDPR (i.e. the right to be informed that processing is being undertaken, to access one’s personal information; to prevent processing in certain circumstances, and to correct, rectify, block or erase information that is regarded as incorrect)
  • take appropriate security measures to safeguard personal information
  • publicise and abide by individuals' right to appeal or complain to the supervisory authority (the Information Commissioner's Office (ICO)) in the event that agreement cannot be reached in a dispute regarding data protection
  • ensure that personal information is not shared or transferred abroad without prior written consent

 

 

Data Security

I will ensure that:

 

  • personal data is kept securely
  • personal information is not disclosed either orally or in writing or via Web pages or by any other means, accidentally or otherwise, to any unauthorised third party.

Subject Consent

 

The GDPR sets a high standard for consent and requires a positive opt-in. Neither pre-ticked boxes nor any other method of default consent are allowed. As required by the GDPR, I take a "granular" approach i.e. I ask for separate consent for separate items and will not use vague or blanket requests for consent. As well as keeping evidence of any consent, I ensure that people can easily withdraw consent (and tell them how this can be done).

Note that the GDPR provides for special protection for children’s personal data and I comply with the requirement to obtain parental or guardian consent for any data processing activity involving anyone under the age of 13.

 

Conclusion

This policy sets out my commitment to protecting personal data and how that commitment is implemented in respect of the collection and use of personal data.

 GDPR Data Processing Outline

 Data subject

Lawful basis for collecting, storing and processing data

Special Category Data

Lawful basis detail

Action taken to inform data subjects

Data Management

Participant (13 and over)

Individual Consent

Disability

Health

The individual has consented to receiving updates about a class/es and for their personal data to be stored so that as a teacher I can stay informed about any health or wider needs that participants have that I need to consider whilst delivering the class/es.

Individuals are provided with a ‘Participants privacy notice’

Contact ceased 6 months after individual has stopped attending the class/es. All personal data not linked to financial records deleted/destroyed at this point.

Participant (12 and under)

Parental/guardian consent

Disability

Health

The individual’s parent or guardian has consented to receiving updates about a class/es and for their child’s personal data to be stored so that as a teacher I can stay informed about any health or wider needs that participants have that I need to consider whilst delivering the class/es.

Parent/guardian provided with a ‘Participants privacy notice’

Contact ceased 6 months after individual has stopped attending the class/es. All personal data not linked to financial records deleted/destroyed at this point.

 

 

Participants privacy notice

 


Overview wording

I would like to collect and use your personal data to keep you updated about my FitStepsmy classes and to keep me informed about any health or wider needs you have that I need to consider whilst delivering your class/es. See Participant privacy notice below.

If you are happy for me to collect and store your personal data please tick here .........

 

Name:........................................ Signature: ........................................ Date..............................

 

Participants Privacy Notice –

Amanda Beacroft – FitSteps with Amanda in East Sussex and Kent group exercise instructor

As your group exercise instructor, I am committed to protecting your privacy. This privacy policy sets out how I use and protect any information that you give me.

Your personal data and your membership

As an attendee of my group exercise classes, I collect, store and use the personal data that you provide me. I do this so that I can effectively manage my classes and ensure that as a participant you are kept informed and safe. I may use your data to contact you with class updates and wider group exercise related opportunities I think you may be interested in. I will use your data to keep me informed about any health or wider needs you have that I need to consider whilst delivering your class/es. If you have provided me with emergency contact details I will use this data when required. Some of the data that I collect from you is ‘specialist category’. This includes (not exhaustively) any data relating to disabilities and health. I collect and use this data to enable me to tailor activities to your needs.

Unless you have given me separate written consent, I will cease to contact you 6 months after your stop attending my class/es. At this point I will also delete/destroy all personal data that is not linked to financial records. I will store any personal data linked to financial records for a 6-year period. HM Revenue and Customs (HMRC) have the right to inspect financial information relating to the previous 6 years and require all trading entities to keep financial records for this length of time.

I will not share your personal data. All data you provide to me is stored on a password protected device and/or locked away. The only exception to this rule is when I carry paper copies of your personal data to the class/es that you attend. I must do this so that I have your health needs and emergency contact details to hand should they be required.

You may request details of personal data which I hold about you or withdraw your consent at any time. You can contact me on 07768 095184 or amanda@beacroft.net.   If you have any concerns about my information rights practices you can raise them here www.ico.org.uk/concerns or by calling 03031231113.                                                                                               

 

If possible please print out the above Privacy Notice by clicking the print Icon below and tick, sign and bring to class

Print

GDPR / Privacy Statement:

Here is the non jargon version of why I need to collect some personal data about class participants and what I will do with such personal data provided:

 

  • I need email address but will only email to respond to an enquiry where the client has first contacted FitSteps with Amanda in East Sussex and Kent and asked for me to provide information through an enquiry and to send out Health Questionnaires for completion in order to assist me in ensuring that during any class attended the choreography is adapted to suit and take into account any heath issues or injuries.  I may also email to keep clients informed about classes that they have requested to be kept informed about. 
  • I require telephone numbers so that I can:
    • contact clients to discuss certain aspects of their attendance to FitSteps Classes  
    • send text messages asking for clarification of certain pieces of information and to inform them about class timetable changes
    • and, when given permission to do so, I will add their mobile number to the FitSteps with Amanda WhatsApp FitSteps group where I will post information about class Timetable updates and reminders about classes.  At any give time clients may remove themselves from such WhatsApp group
  • I will keep clients' Health Questionnaires PARQ forms in paper files containing their personal data which will be kept in a locked environment and this file will be destroyed after 3 years which is the legislative recommended time period.  I need this data to ensure no injury occurs during classes as a result of a health issue or injury
  • I will keep a register of attendance for accounting purposes by way of an excel spreadsheet containing names and venue of attendance
  • I will add personal details as provided - name, address, email, telephone number, class attended, age (if provided), to my register of attendees and once the participant ceases to attend class his/her name will be removed from the register.  If age is  provided this is only for me to ascertain what music gentre is likely to be appreciated by the attendee to maximise enjoyment and overall experience of the the class
  • Emails containing personal data will be deleted from my computers after year end
  • I will not share any of your data whatsoever with any other parties whatsoever; however, your details will show up on the WhatsApp group which will only be accessible to other class participants.  If a client is unhappy about this then they may easily remove themselves from the App
  • All the above information will be held on my laptop in my locked office or on my mobile phone which will be kept on my person at all times