GDPR (General Data Protection Regulation) is the most significant piece of privacy and data protection regulation in twenty years. It came into effect on 25th May 2018 and from that date businesses are required to ensure that they gain a new data protection and privacy consent from all clients. I, Betsy Twelves-Dickson, also known under my business name of the Bespoke Approach, confirm what information I hold about you, why I need it and how I am permitted to use it.
What information do I hold and why do I have it?
I hold the following information:
Name, address, phone/mobile number and email address, date of birth and gender
These are all required as your personal record and so I can contact you.
This data includes a nominated emergency person and their contact details.
Health and Physical Activity Related Data
All students are asked to complete a Health & Physical Activity questionnaire, so I have an awareness of your current level of fitness and health history.
This allows me to assess how best to work with you.
Session Records: these are notes that I keep recording progress and personal requirements of private clients.
I am required to take and retain client records for at least 7 years following the last occasion on which a session was attended. In the case of treatment to minors, records shall be kept for 7 years after they reach the age of majority (18).
I may need to share your data with authorised legal, regulatory and insurance authorities, if required by law or to defend myself.
After 7 years following the last occasion on which you attended a session, I will destroy all of your records by deleting and/or shredding them.
How and where do I hold your data?
All Health & Physical Activity forms and Session records are kept in a secure environment, whether electronic or physical records. Only I have access to these records. I will take all appropriate steps to protect the confidentiality, integrity and authenticity of your data.
Your Individual Rights under the Data Protection Act 2018. You have:
- the right of access to your personal data;
- the right to object to the processing of your personal data;
- the right to restrict the processing of your personal data;
- the right to rectification of your personal data;
- the right to erasure of your personal data;
- the right to data portability (to receive an electronic copy of your personal data).
In exercising your Individual Rights, you should understand that in some situations I may be unable to fully meet your request. For example, if you make a request for me to delete all your personal data, I may be required to retain some data for taxation, legal, regulatory and insurance purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, I am required by law to grant access to this data for law enforcement, legal and/or health related matters.
If you are dissatisfied with the way in which I process your personal data, you have the right to complain to the UK’s Data Protection Supervisory Authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns, by live chat or by calling their helpline on 0303 123 1113.
How to contact me
If you have any questions regarding the use of your data and your Individual Rights, please contact me on firstname.lastname@example.org or 07922 439 165