Verity on 07710 608723
Data Protection policy for Verity Howard, Teacher and Therapist of Body & Sole.
Policy prepared by: Verity Howard trading as Body&Sole (VH) · Next review date: 15/4/2019
In order to operate, VH needs to gather, store and use certain forms of information about individuals. These can include adult students and clients and business contacts and other people that VH has a relationship with or regularly needs to contact. This policy explains how this data is collected, stored and used in order to comply with the General Data Protection Regulations (GDPR).
Why is this policy important? This policy ensures that VH:
Protects the rights of students and clients, complies with data protection law and follows good practice and protects from the risks of a data breach
Who and what does this policy apply to?
It applies to all data that VH holds relating to individuals, including: Names, Email addresses, Postal addresses, Phone numbers, Medical information and any other personal information held.
Roles and responsibilities
VH is the Data Controller and will determine what data is collected and how it is used. She is responsible for the secure, fair and transparent collection and use of data. VH uses third party Data Processors (Google Drive) to process data on its behalf. VH will ensure all Data Processors are compliant with GDPR. VH to also hold medical records and personal information in paper form held in a secure locked location.
DATA PROTECTION PRINCIPLES
a. I fairly and lawfully process personal data in a transparent way. VH will only collect data where lawful and where it is necessary for the legitimate purposes of her teaching and therapy business. An individual's name, contact details and other details may be collected at any time, with their consent, in order for VH to communicate with them and promote classes and products.
b. I only collect and use personal data for specific, explicit and legitimate purposes and will only use the data for those specified purposes.
When collecting data, VH will always provide a clear and specific privacy statement explaining to the subject why the data is required and what it will be used for.
c. I ensure any data collected is relevant and not excessive
VH will not collect or store more data than the minimum information required for her intended purpose.
d. I ensure data is accurate and up-to-date
VH will ask current students and clients to provide current email addresses and contact number which will be updated annually. students and clients will also be able to update their data at any point by contacting VH.
e. I ensure data is not kept longer than necessary
VH will keep records for no longer than is necessary in order to meet the intended use for which it was gathered (unless there is a legal requirement to keep records). The storage and intended use of data will be reviewed in line with VH's data retention policy. When the intended use is no longer applicable (e.g medical records for pregnancy 25 years and all other medical records up to 7 years), after the stated peroid the data will be deleted within a reasonable period.
f. I keep personal data secure
VH will ensure that data held is kept secure.
Electronically-held data will be held within a password-protected and secure environment Physically-held data will be stored on a locked cupboard
g.Transfer to countries outside the EEA VH will not transfer data to countries outside the European Economic Area (EEA), unless the country has adequate protection for the individual's data privacy rights.