This notice sets out your rights under the Data Protection Act 2016 how Oriental Yoga collects, uses, retains and discloses your personal information. Personal information is information that identifies you and is about you. This privacy notice applies to yoga practitioners, prospective yoga practitioners, contractors, suppliers and visitors to our website.
WHO WE ARE
Oriental Yoga is owned by Mr. Simon Rowe 63 Upper Aughton Road, Birkdale, Southport PR8 5ND. Email is firstname.lastname@example.org
To ensure that we process your personal data fairly and lawfully this notice informs you
- why we need your personal information, how it will be used,
- who it will be shared with,
- what rights you have in relation to the personal information we collect from you.
HOW THE LAW PROTECTS YOU
Your privacy is protected by law, which says that we can use your personal information only if we have a proper reason to do so. This includes sharing it with third parties. The reasons why we may process (i.e. obtain, store, update and archive) your personal information are:
When you consent to it;
To fulfil a contract we have with you;
When it is our legal duty;
When it is in our legitimate interest (if we rely on our legitimate interest, we will tell you what that is);
Vital interest – we may process your personal data in order to protect your vital interests – for example, if you require emergency treatment.
Below is a list of the ways that we may use your personal information, and which of the reasons we rely on to do so. This is also where we tell you what our legitimate interests are.
What we use your personal information for and our reason(s) for processing:
Our legitimate interests (where applicable) - to confirm yoga course bookings and class time alterations/closures
Legitimate interest - to provide a safe, enjoyable and professional yoga instruction. To maintain a record of all yoga practitioners attending class
To keep a record of yoga practitioner enrolment and for HMRC purposes.
Consent to complete basic written health notes containing: your presenting condition; relevant medical history; assessment to be able to join a class of yoga.
Performance of contract
Providing appropriate, high quality, safe yoga practice and maintaining a written document of enrolement in the event of criminal proceedings, a civil claim, an insurance claim or a complaint.
To record and report accident or adverse incidents involving any yoga practitioners, visitors and report these to relevant bodies (HSE, RIDDOR, insurers)
Legitimate interest - In the event of a civil claim, criminal proceedings, insurance claim or complaint. To investigate complaints and feedback received from practitioners. To resolve problems and improve practitioner training.
Advice and business services from accountants, web developer and solicitors
WHAT TYPES OF PERSONAL INFORMATION DO WE HANDLE?
We process personal information to enable us to support the provision of yoga services to patients, maintain our own accounts and promote our services. The types of personal information we use include:
Personal identity –
such as name, date of birth;
Contact details – such as
address, telephone and mobile numbers, email address;
Messages you send us via our website;
Details of when you contact us and when we contact you (including copies of written communications such as emails or text messages);
Any consents you have given us in relation to your yoga training and the processing of your information.
For the provision of yoga services to you it will be necessary to collect and process information which the Data Protection Act defines as “sensitive” that may include:
Data concerning health;
Generral Medical history to assess suitability to practice yoga and join one of our classes.
In such cases we will always explain what information we require and why it is needed. Such data will always be processed and stored securely.
MARKETING - We do not process your data for marketing purposes or sell your information onto 3rd parties.
HOW IS DATA STORED
All enrolement records are manual paper based ones and kept securely and confidentially in locked filing cabinets on a lockable premises. Day to day acess to the data is only by Simon Rowe with no records kept on electronic files.
Any computers or smartphones used to access messages, emails and texts are password protected with anti-virus software.
WHERE WE COLLECT PERSONAL INFORMATION FROM
Personal information you give to us:
When you contact us (for example by phone, email, text messages, letter or via the website);
When you come to yoga classes
From completion of manual enrolement forms
Any information gathered from our websites www.orientalyoga.co.uk,
IF YOU CHOOSE NOT TO GIVE PERSONAL INFORMATION
We may need to collect personal information by law or for Insurance purposes or under the terms of the contract we have with you.
If you choose not to give us this personal information, it may delay or prevent us from meeting our obligations. It may also mean that we cannot provide you with yoga training. We will notify you if your choice not to give personal information to us would result in a delay or prevent us from meeting our obligations.
WHO WE SHARE YOUR PERSONAL INFORMATION WITH
We may share your personal information with named third parties with your explicit consent.
Regulatory and advisory bodies such as the The Independent Yoga Network and public liability insurers and solicitors in case of adverse incidents, complaints and insurance claims.
With relevant authorities if necessary to comply with a legal obligation to which we are subject, such as a court order or HM Revenue and Customs.
Where there is a vital interest that overrides confidentiality such as need for emergency treatment or safeguarding vulnerable adults or children
OUR COMMITMENT TO YOUR PRIVACY
We recognise the importance of protecting personal and confidential information in all that we do, and we take care to meet our legal duties by putting in place security and procedural controls to protect your personal information.
How long do we keep your personal information?
We will keep your personal information for no longer than is lawfully necessary to conduct our business with you and/or in accordance with our legal obligations for data retention.
We will keep your personal information for 10 years following the last class in order to respond to questions or complaints and to maintain records. After 10 years all manual paper patient records are securely shredded in a cross head shredder.
Emails according to simple enquiries resulting in no advice or information are deleted after one month. Text messages are deleted after the enquiry is dealt with.
Accident or adverse incident records are kept for 3 years from the date of recording
Unless subject to an exemption under the GDPR, you have certain rights with respect to your personal information as set out below.
In order to exercise your rights under data protection law, please contact us by writing to Simon Rowe Oriental Yoga 63 Upper Aughton Road Southport PR8 5ND or email email@example.com
TO GET A COPY OF YOUR PERSONAL INFORMATION
You can request a copy of your personal information, as well as why we have that personal information, who has access to that personal information and where we got that personal information from at any time. Once we have received your request we will respond within 30 days.
TO LET US KNOW IF YOUR PERSONAL INFORMATION NEEDS UPDATING
You have the right to question any information we hold on you that you think is wrong, out of date or incomplete. If you do, we will take reasonable steps to check its accuracy and correct it.
THE RIGHT TO WITHDRAW YOUR CONSENT TO PROCESSING AT ANY TIME
Where there is a dispute in relation to the accuracy or processing of your personal data, you can request a restriction is placed on further processing. If you want to object to how we use your personal information, or ask us to restrict how we use it, please contact us using the details above.
THE RIGHT TO REQUEST YOUR PERSONAL INFORMATION IS ERASED
You have the right to request your personal information is erased where it is no longer necessary for us to retain it. This is known as ‘the right to erasure’ or ‘right to be forgotten.
If you want us to erase your personal information, please contact us using the details above. When we receive your request, we will confirm whether the personal information has been deleted or tell you the reason why it cannot be deleted. There may be legal reasons why we need to keep your personal information.
THE RIGHT TO REQUEST WE PROVIDE YOU WITH YOUR PERSONAL DATA
The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller. This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case that we are processing the data by automated means.
All manual records can be scanned and forwarded on application with signed consent
THE RIGHT TO BE INFORMED IF YOUR DATA IS LOST
We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
YOUR RIGHT TO COMPLAIN
If you are not satisfied with our response or believe that we are not processing your personal information in accordance with the law, you can complain to the Information Commissioner’s Office by emailing firstname.lastname@example.org or telephoning 0303 123 1113 or visiting their website www.ico.org.uk
Their address for written complaints is Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
OUR CONTACT DETAILS
Mr Simon Rowe
63 Upper Aughton Road
Southport PR8 5ND