YOUR PERSONAL INFORMATION:
GENERAL DATA PROTECTION REGULATION (GDPR)
What Is GDPR?
GDPR is a new data protection law which came into full effect on 25th May 2018. It sets out the main principles of data protection and the responsibilities organisations have when handling personal data. It protects individuals’ personal information and improves their control and how it is collected, stored, shared and used.
Therefore, because I undertake activities working from home, I understand I am subject to the new GDPR regulations. To fall in line with this, I have to let you know what personal information I hold about you and why, and what your rights are. Once you have read it please complete and sign the declaration at the bottom of the page.
If you have any enquiries relating to the new GDPR, then please contact me by one of the above means.
The Purpose Of Processing Information I Hold:
The purpose of holding and using information I retain is to allow you to reserve or cancel your yoga class space on line via the booking system. As this happens I receive notifications accordingly on my computer, tablet or smart phone. When I access the booking system from one of these electronic devices, I am able to see the personal data of those attending a class on a particular day and at a specified time.
When you attend a class, your information details are stored for you to record your visits to The Yoga Lodge and allow me to contact you should a class require cancelling at shorter notice, i.e. not enough attendees or illness on my part.
I may use your information to send you any communication which may be of interest. This may include information regarding an up-coming event, such as a yoga workshop. If you book onto a workshop, your details will be used as part of a group email circulation. However, if you prefer I can contact you individually.
When you either phone, email or text me, I would hold this data to help me formulate a response to you. In other words, this is used for related support or another related service support.
Lawful Basis For Holding And Using Your Personal Information:
The lawful basis under which I hold and use this information is “our legitimate interests”, i.e. my requirement to see who has reserved or cancelled a class space or if you contact me by phone, email or text I can provide you with the best possible support or another related service support. Separately, you log your visits to The Yoga Lodge manually on an index card, particularly if you have paid up-front for a course of six classes.
What Information I Hold And What I Do With It:
In order to provide you with a yoga class reservation on-line booking system and respond to subsequent support, I have to ask for and keep information about you. I will not use this information for any other purpose (except as required for legal purposes) without your prior consent. The information I would hold is:
• Your contact details, i.e. name, telephone number and email address
• If relevant, a record of any contact with you.
I retain this information for you to manually log your class attendance, or I may use this to contact you at short notice of class cancellation, or on another separate matter.
I may retain this information in respect of you having an on-going enquiry, requiring support, requiring support of another service, or to send communications which may be of interest to you, i.e. a yoga workshop.
Please note there is no-one else involved in my business other than myself. Therefore, no sensitive personal data is passed to a third party. You may though, like to be aware of the following:
Booking Class Spaces On Line:
How Long I Keep Your Information For:
The criteria used for determining the retention period is as follows:
• For booking class spaces on-line:
- Your details are displayed and are accessible until the class takes place
- From administration area of the Bookwhen website, I am able to access a list attendee email addresses
- Reservation or cancellation emails received will be deleted weekly along with other more general correspondence deemed unnecessary to retain
• Storage of index cards:
- Students who attend a minimum of 6 or less times will have their details removed within one year of that first attendance
- Students who attend 6 or more times will have their details removed when their current record of attendance card is full and a new one is used accordingly, or any record will be removed within a 6 year period.
- At an attendees request as listed under “Your Rights”.
• Storage of this GDPR Agreement:
- This agreement will be stored in a lockable filing cabinet for a minimum of 12 months, or up to a maximum period of six years.
- If you have not attended the Yoga Lodge over a 12 month period your details will be shredded.
- Stored until an attendee requests for it to be removed or erased as listed under “Your Rights”.
• For an on-going enquiry, requiring support or requiring support of another service:
- To issue a speedy response in case correspondence is on-going
- If relevant to an enquiry/on-going support or another support, correspondence will be printed and stored away in a locked filing cabinet
- In either case, any correspondence will be removed within 6 years.
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate electronic/technical and manual security procedures to safeguard and secure the information collected from you.
My computer, tablet and smart phone are password secure and the manual logging of yoga classes on index cards are stored in a locked box securely out of sight when not being used.
Data Protection Breach Of Security:
A personal protection data breach, is a security incident affecting the confidentiality, integrity or availability of personal data, whether caused deliberately or accidentally. In the event of this happening by law the ICO must be notified where there may be a risk to the rights and freedoms of individuals. I will do this by calling the ICO helpline on 0303 123 1113. The ICO will help me decide if I have to contact you the subject matter regarding it.
GDPR gives you the following rights:
• The right to be informed: to know how your information will be held and used (this notice)
• The right of access: to see my records of your personal information, so that you know what is held about you and can verify it.
• The right to rectification: to tell me to make changes to your personal information if it is incorrect or incomplete.
• The right to erasure (also called “the right to be forgotten”): for you to request me to erase any information I may hold about you if you ask me not to hold this anymore.
• The right to restrict processing of personal data: you have the right to request limits on how I use your personal information.
• The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems. (Probably not applicable as I do not intend to store information electronically).
• The right to object: to be able to tell me you don’t want me to use certain parts of your information, or only to use it for certain purposes.
• Rights in relation to automated decision-making and profiling. (Probably not applicable in this case).
• The right to lodge a complaint: this would be to the Information Commissioner’s Office (ICO). To be able to complain if you felt your details are not correct, if they are not being used in a way you have given permission for, or if they are being stored when they don’t have to be.
The Yoga Lodge Rights:
Please be aware of the following:
• If you do not agree to having minimum personal data stored manually or electronically through the booking reservation system for a class then you will be unable to attend the Yoga Lodge. I would also be unable to contact you at short notice, i.e. not enough attendees to run a class or if I became ill and unable to teach
If you agree & acknowledge that you have read and understood the information provided here, and agree to the way The Yoga Lodge holds your personal information and using it to provide the best support, or on-going support of another enquiry or related issue or service in line with the lawful basis as defined above, you need not do anything and we will continue to hold your data to provide you the best service that we can.
If you do not agree to having minimum personal data stored manually or electronically through the booking reservation system for a class then you will be unable to attend the Yoga Lodge. Please complete the form to remove your data form our database.
The Yoga Lodge
25 Heatherside Road, West Ewell, Epsom, KT19 9QS
Landline: 02088732843 Mobile: 07973410375
07973 410375 020 8873 2843 • firstname.lastname@example.org