Yoga with Debs Confidentiality, Data Protection & Privacy Policy

Mission Statement – Adapt, Accommodate, Empower, Respect

I thrive:

• To meet individuals where they are at, and adapt the session accordingly, to ensure the practice is meeting individual needs at the time.
• To accommodate individual needs to ensure accessibility and learning is fun.
• To empower and build confidence
• To be respectful of individuals at all times

Introduction

Yoga with Debs is registered with ICO with a Data Protection Registration Certificate (ZB87615)

Yoga with Debs is committed to processing data in accordance with its responsibilities under the GDPR.

Article 5 of the GDPR requires that personal data shall be:

1. processed lawfully, fairly and in a transparent manner in relation to individuals;
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

 

GENERAL DATA PROTECTION REGULATION: REGISTER OF SYSTEMS

• The data we collect and in what way
• Data security, how the data are stored, including back up, and who has access to them
• Sharing the data
• Purpose for which the data are used
• Data removal and archiving

The data we collect and in what way

On becoming a client of Yoga with Debs individuals are asked to complete an online or paper registration form and to supply personal information including name and email address, a residential address and telephone number, emergency contact number, Dr details, medica/learning needs/other information relevant to the services I am providing.

The data is entered into Gmail & Outlook contacts by the Director and updated as new data is made available throughout the year (e.g. change of email or residential address).

Names and email addresses are also entered by the Director into a contact database in order to facilitate the dispatch/receipt of an online newsletter.

Data security, how the data are stored and who has access to them

Only the Director of Yoga with Debs has access to the personal data of clients of Yoga with Debs.

Any paper sign up forms will be stored safely, in a locked drawer at the home of the Director (also workplace when not teaching in other settings).

Online data is stored electronically and password protected, authorised by only me on a home device which is password protected to log in. Files are stored in password protected folders.

Online data is backed up onto an online storage system. This is also password protected and authorised by only me.

Sharing the data

The complete data set is not shared with anyone.

The complete data set will not be shared with any third party unless legally obliged to do so.

From time to time it might be necessary to share the personal data – Electronic data can be shared via email.

Hard copy data would be sent via registered mail.

This will not, however, be done, without the agreement of the member concerned.

Purpose for which the data are used

The data is processed on the basis of legitimate interest.

The data is used primarily as a vehicle for disseminating information about Yoga with Debs and its activities.

The registration form specifically asks members to opt in to receiving information from Yoga with Debs.

Each electronic newsletter provides the option to unsubscribe.

Data removal and archiving

A client who no longer attends classes/retreats/workshops is kept on the membership database for 3 further years and continues to be sent newsletters during that time.

If a client no longer attends classes/retreats/workshops after this period, his/her data are removed from the membership database to an archive list for a further two years and no further newsletters are sent. The archive list is used solely for the purpose of informing former members from time to time of Yoga with Debs activities in which they might be interested.

Data relevant to therapeutic services provided would be kept for a further 2 years (7 years in total)

Removal of information would either be deleting all files electronically stored and shredding of paper documents.