How does GDPR affect me?
After 20 years, the Data Protection Act has been replaced by the GDPR. The aim is to ensure that your personal, sometimes sensitive, confidential data is held privately and securely, and is processed in the way that you have agreed to. It exists to protect your rights as a consumer regarding your identifiable data, e.g. your name and address and any reason you might have for joining my classes or workshops. It also covers any text messages or emails between us.
Can I ask for my information to be deleted?
GDPR allows you to request the deletion of any of your records, by making a request in writing to me through email. Should you request this then all your paper records would be shredded. Any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. Please note that I would have to save the deletion request you made, but would not save any other data. Exceptions occur where there is a legitimate legal reason for maintaining your information, for example for accounting purposes.
Can I ask to see my data, and if so, how quickly can I look at it?
You are now able to ask to see any information that is held about you, and to see it within 30 days of asking. You can even ask for a copy of any personal information held by me if you wish. It is possible, however, that my insurance company’s legal team may want to verify information I send out.
Why do you need a record of this information?
In order to give you the highest quality support I can, I collect information about: what you want to achieve by coming to my classes, workshops or retreats, a relevant amount of medical/health information and some information about your emergency contacts and your date of birth where supplied. This information allows me to plan classes appropriately for you and to track your progress. Your contact details / address and Health Practitioner and/or GP’s details will only be used with your explicit consent.
How do I know that my information will be held securely?
• Paper notes – These are all stored in locked cabinets, behind a locked door.
• Text messages – My work phone is secured with face or fingerprint recognition or a passcode.
• Emails – My email account requires a username and password. I use Mailchimp for my email campaigns and Mailchimp are also GDPR compliant.
• Other – Your data may also be handled by other third party systems, for example when completing a contact form on our website. We ensure that any systems we use are GDPR compliant.
Do my records remain confidential?
On occasion a temporary instructor will be standing in for me, and in such instances I may choose to share any information pertinent to that class, such as who attends and any medical issues to be aware of, to ensure the instructor can teach the class effectively. The temporary instructor will not be passed any contact details for you.
When you exercise your rights under data protection law, where there is any doubt, we will need to verify your identity, for your security, before communicating with you about your personal information.
You can contact me by emailing firstname.lastname@example.org