This privacy notice tells you what to expect when we collect personal data, and how to contact us should you wish to discuss any aspect of how we handle that data.
DATA PROTECTION CONTACT
If you have any queries at all regarding data protection, please email us at firstname.lastname@example.org
THE DATA WE PROCESS
We store basic customer and health related data so we can take bookings, communicate with our clients via a mailing list and help us to understand your needs and provide you with a better experience.
HOW THE DATA IS PROCESSED
We have personal health forms for you to fill out upon your first visit for all our services. We keep up to date records of your health and report of findings during each treatment with us. However, if your health changes whilst in our care it is your responsibility to tell us. We store this information in a locked filing cabinet. No one else has access to this but us.
While you’re subscribed to our mailing list you will receive emails from us about Pilates, Sports & Indian head massage, Equipilates or personal training related content. You are welcome at any time to unsubscribe from the list, of course – either use the “unsubscribe” link at the bottom of any email I’ve sent you, or drop us an email and we’ll take you off manually.
We use MailChimp to manage our customer mailing lists. They are a reputable global service provider, and they are fully aware of their responsibilities with regard to information security and data protection. They have a privacy notice of their own, which you can read at https://mailchimp.com/legal/privacy/. (If you’re interested, they also have a more detailed piece about their GDPR compliance: https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation).
MailChimp’s servers are located in the USA; they are registered under the Privacy Shield arrangement.
Other data stores
If you email us, anything you send will be kept for no longer than one year before being removed.
We don’t store any personal data on our website, which is hosted by fasthosts. The Web server stores the usual log information for support and problem diagnosis purposes, but it doesn’t identify any individuals and nor do we attempt (or wish) to identify anyone from it.
Where cookies are used, it’s simply to make it work and to provide a good customer experience. You can tweak the settings on your browser to suit your privacy preferences.
We use Facebook, Instagram and LinkedIn to post news and information. If you send us private messages, we will purge them after no more than six months.
We will always ask for your consent should we wish to feature you in our social media.
YOUR DATA PROTECTION RIGHTS
You have a number of rights under the laws of data protection. As we mentioned earlier, please get in touch if you have any queries or concerns. We retain a log of requests that we receive so we can demonstrate compliance with data protection law.
- Right of access: you can request a copy of any personal data we hold about you.
- Right to rectification: you can ask us to correct any data that’s wrong.
- Right to erasure: you can ask for your data to be deleted, as long as we don’t have a legitimate need to hold onto it (e.g. to send bills).
- Right to restrict processing: you can ask that we stop processing your data if there’s some kind of dispute about its use.
- Right to object: you can object to us using your personal data.
- Right to data portability: if you want us to send a copy of your data to another organisation, please ask.
As we have said already, please get in touch if you have any concerns. If you are dissatisfied with the way in which your complaint has been handled you may contact the local data protection supervisory authority:
Office of the Information Commissioner
Phone: +44 (0)1534 716530