General Data Protection Regulations Policy & Procedure
1) Purpose of this policy
This policy describes how I collect and use personal data about you, in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK (‘Data Protection Legislation’).
2) About me
I am a yoga instructor.
For the purpose of the Data Protection Legislation and this notice, I am the ‘data controller’. This means that I am responsible for deciding how I hold and use personal data about you. I am required under the Data Protection Legislation to notify you of the information contained in this privacy notice.
I am also the Data Protection Officer.
3) How I collect your data?
3.1) From your completed Student Health Questionnaire and booking forms
3.2) Other contact details from your emails, phone calls, texts and conversations
3.3) Health information that you may have subsequently told me about
4) What data do I collect?
4.1) Contact details
4.2) Emergency contact details
4.3) Health information
5) Why do I collect your data?
5.1) To notify you if I have to cancel or rearrange the day or time of a class
5.2) To let current and former students and other interested parties know of new classes, workshops and events I am running
5.3) The health information assists in the planning of my yoga classes
5.4) To comply with the terms of my insurance and membership of The British Wheel of Yoga
5.5) To contact next of kin in the case of a student becoming unwell during a class
6) How is your data stored/secured?
6.1) Your data is recorded on paper and electronically
6.2) I have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed
6.3) I have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where I am legally required to do so
7) How long is data stored for?
7.1) Information is kept when you are a current student
7.2) Former students’ information is kept for as long as is necessary for insurance purposes
8) How is data kept accurate and up-to-date?
8.1) Students are required to complete a new Student Health Questionnaire if their personal or health information changes
8.2) Former students who have requested to be kept informed of workshops and classes can contact me to update their contact details and mailing preferences at any time
9) What will happen to your data after it is no longer required?
9.1) Any paper records will be shredded or burned
9.2) All digital records will be deleted off all devices
10) Who has access to data?
10.1) All students and ex-students have access to their own information by request
10.2) Group emails will be sent bcc so that other recipients do not have access to others email addresses, unless I am being copied into a group email that already shows addresses
10.3) I will not share your contact details with other students unless I have it in writing from you that you would like me to pass on your details to someone
10.4) I will contact the person nominated as your emergency contact if you become unwell in a class and these details will also be passed on to the Emergency Services as necessary
10.5) Your health details may also be shared with the Emergency Services as necessary, on a strictly need to know basis
11) Changes to this policy
11.1) You will be notified if any changes are made to my privacy notice in the future
11.2) This privacy notice was last updated on 15 May 2018.
12) queries/complaints about the way I store your data
12.1) If you have any questions regarding this policy or if you would like to speak to me about the manner in which I process your personal data, please email e-mail me at lisa-yogaforall.com
12.2) You also have the right to make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details am as follows:
Information Commissioner's Office, Wycliffe House’ Water Lane, Wilmslow, Cheshire, SK9 5AF