Print this page
My contact details:
o Name: Sue Cockroft
o Address: Denby Barn, Ellingstring, North Yorkshire, HG4 4PW
o Phone Number: 07776 195694
o E-mail: firstname.lastname@example.org
o Website: www.pilatesandyou.co.uk
The type of personal information (data) that I collect:
I currently collect and process the following information:
o Name, email address and telephone numbers
o Limited, relevant medical history
How I get this personal information (data):
The personal information that I use (or “process” as the GDPR describes it) is provided to me directly by you, usually when you complete a Physical Activity Readiness Questionnaire (PAR-Q) Form. I ask all clients to complete these industry standard forms before starting any of my classes and then again at least annually so that the information remains up to date.
If I am working with a client on a more tailored 1:1 programme, then additional information might be gathered, with their permission, as part of a pre-assessment to help us set and measure progress towards improvement goals. In such a case this additional information would be stored alongside the client’s current PAR-Q form.
Unless at your specific request; I do not receive personal information from any other source and do not pass personal information onto any third party.
Why I have/need this personal information (data):
I ask for this information for the following reasons:
o Name, email address and telephone numbers:
• I send clients occasional emails containing information about new or changed class dates/times/locations etc and/or other information that I believe may be of interest. If you do not want to receive such emails, please use the contact details above to let me know.
• I also use clients’ names for administrative purposes, such as recording payments as part of my business accounts.
• I would only use a client’s telephone number as a last resort where email communication would not be effective eg in the event of a last minute change to a class.
• I request an emergency contact name and number for each client that would only be used in the event of an emergency eg if a client was taken ill during a class.
• The lawful ground for processing this data is a legitimate interest.
o Limited, relevant medical history:
• The data is processed to ensure that it is safe for you to participate in my fitness classes.
• It allows me to monitor and adjust lesson plans to make the outcomes of classes as positive as possible for everyone.
• Clients are not able to participate in classes without having completed a PAR-Q form.
• The lawful ground for processing this data is a legal obligation and it is also a requirement of my public liability insurance.
How I store your personal information (data):
Your information is securely stored as follows:
o PAR-Q forms:
• When a client completes a hard copy, these are stored in folders in a locked cabinet within my home.
• If a client sends additional medical information as a follow up to questions regarding their PAR-Q form, this information would be stored alongside a hard copy of their PAR-Q form.
• When a client completes an online copy, these are stored on a secure Google Forms server that only I can access (via password control).
• PAR-Q forms will be retained for 5 years, in keeping with the requirements of my public liability insurance. At the end of that retention period, I would shred any hard copy records and delete any electronic records.
o Name, email address and telephone numbers:
• For easier access, this personal information is stored securely within appropriate applications on my phone, desktop computer and laptop – all of which are password controlled.
• Some limited information will be included in hard copy records; in my business accounts for example. These are stored in folders in a locked cabinet within my home.
• Once a client informs me that they no longer wish to take my classes, I would cease to use their email address and telephone numbers.
• I would retain such personal information for 5 years after a client has stopped taking my classes, in keeping with the requirements of my public liability insurance and HMRC with respect to my business accounts.
• At the end of that retention period, I would shred any hard copy records and delete any electronic records on my phone, desktop computer and laptop.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – the right to ask me for copies of your personal information.
Your right to rectification – the right to ask me to rectify personal information that you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.
Your right to erasure – the right to ask me to erase your personal information in certain circumstances.
Your right to restriction of processing – the right to ask me to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you.
Please contact me at email@example.com if you wish to make a request.
How to complain
If you have any concerns about my use of your personal information, you can make a complaint at firstname.lastname@example.org
If you are still unhappy with how I have used your data, you can also complain to the ICO (Information Commissioner’s Office). The ICO are the UK’s independent authority who were set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk