YOGA4ALLSEAONS DATA PROTECTION AND PRIVACY POLICY
A certain amount of personal data is collected by Yoga4allseasons on your contact and health form. This is for the purposes of meeting insurance company criteria, allowing me to contact you with updates on class information as well as for your health and safety at my yoga classes, all information is treated as confidential and will be kept solely for my use and will not be shared with a third party.
Data Protection Requirement Statement issued by Carolyn Bennett
Data Protection Officer: Carolyn Bennett
Contact details: yoga4allseasons@gmail.com or 07784557564.
In compliance with the General Data Protection Requirement I can confirm the following about how I store and manage student information.
When a student joins a Yoga4allseasons class they are asked to complete a contact and health questionnaire. These are standard forms used for all my clients regardless of where I see them. These forms are an insurance requirement, email and telephone details are used to inform you of class changes, service updates and information directly related to my yoga classes. All details on this form are only used by myself.
Paper forms
All forms completed by students are stored in a locked metal filing cabinet at my home, I am the only key holder and nobody else has access to it. As per my insurance terms student’s forms are kept for 7 years. Archived forms (ie from a person no longer attending the class) are kept for 7 years from the date of the last class attended. Child/minor health forms are kept for 7 years after the age of 18. After 7 years archived forms will be disposed of using a cross cut shredder.
Electronic record keeping
Students names and email addresses are added to an excel spreadsheet for class attendance records. This file/workbook is password protected and encrypted. This is for my information only and is never shared with other organisations. Where possible Mailchimp is used for email purposes, this is a secure permission based email system which are GDPR compliant, (see their privacy notice at www.mailchimp.com) when you attend one of my classes you will be invited to ‘opt-in’ to my email mailing list, you can choose not to receive emails from Yoga4allseasons by not subscribing, preferences can be altered or you can unsubscribe at any time using the function within the email. If students enquire by email then these emails are only kept as long as is necessary and details are not added to my records. I may also use telephone numbers or direct contact email (not Mailchimp) to contact you about urgent class changes, if you do not want me to contact you in this way please inform me in person or by emailing yoga4allseasons@gmail.com.
Emergency contact information
Emergency contact information is collected solely for use in an emergency, should I need to contact your next of kin or give this information to the emergency services. This is the only information that would be shared with a third party and only in the context of an emergency.
Appointy online booking system
If you choose to use the online booking system then your name and email address will be stored within their system, they are a respected online booking system that are compliant with GDPR, see their privacy notice at https://www.appointy.com/appointy-gdpr. Emails will be sent to confirm class bookings and as reminders.
Changes to my privacy policy
My privacy policy from time to time may be updated, I will make this information available and advise you of any changes.
Service user access to data.
In line with ICO guidelines, I am willing and able to respond to subject access requests for any data I hold. Following guidelines, requests need to be made in writing and I will respond within the 1 month allowed. There will be no charge made for data requests. I reserve the right to refuse or charge for requests that are manifestly unfounded or excessive, informing the individual why and notifying the relevant supervisory authority within the month. I am registered with the ICO.
Your Rights
Data Protection Law means that you have extensive rights regarding the collection, storage and use of your data.
Under the GDPR (General Data Protection Regulation) you have the following rights as an individual regarding your data:
1. The right to be informed.
2. The right of access
3. The right of rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights in relation to automated decision making and profiling
If you would like to find out more about these rights, or if you would like to report a breach to them then you can contact the ICO (Information Commissioners Office)
or call their helpline on 0303 123 1113
Further contact details for the ICO can be found here: https://ico.org.uk/global/contactus/helpline/
Updated 1/3/2024