Updated 23rd May 2018
Brockley Nordic Walking is committed to protecting any personal data you share with us and committed to complying with the Data Protection Act 1998 and the enhancements brought in by the General Data Protection Regulation (GDPR) coming into effect on 25th May 2018.
1 Who are we?
Laura Kinnunen is a Sole Trader, therefore this policy covers the work of Laura Kinnunen operating as Brockley Nordic Walking. Brockley Nordic Walking delivers Nordic Walking courses, group and private sessions, and its mission is to empower its customers to take up physical activity and promote healthier lifestyles.
2 Your personal data – what is it?
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
3 Why do we collect personal data?
Any personal data that we collect will only be in relation to the work we do with our customers and through our relationship with friends and supporters of Brockley Nordic Walking.
4 How do we collect personal data?
We collect personal data through customer enquiries via email, web, telephone and social media channels, namely Facebook, Twitter & Instagram, via opt-ins to receiving our Mailchimp email newsletters, and through our online booking system Bookwhen. We also collect personal data in the form of the Physical Activity Readiness Questionnaire (PARQ) or an online health questionnaire you are asked to complete as a new customer.
5 How do we use personal data?
We use personal data for the following purposes:
• To ensure that we work with you in a safe and appropriate way;
• To administer customer records;
• To maintain our own accounts and records;
• To inform you of news, events and activities via our email newsletter
• To comply with professional insurance requirements;
6 How do we process your personal data?
Brockley Nordic Walking complies with its obligations under the “GDPR” by:
- keeping personal data accurate and up to date;
- by storing and destroying it securely;
- by not collecting or retaining excessive amounts of data;
- by keeping it only for as long as necessary for the purpose for which it is used;
- by protecting personal data from loss, misuse, unauthorised access and disclosure, and;
- by ensuring that appropriate technical measures are in place to protect personal data.
7 How long do we keep personal data?
We take appropriate measures to ensure that the information we hold about you is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used:
- Enquiries from customers and non customers – message, name and email address – received via our website or by email – held for up to two years, and used to answer query and follow up.
- Enquiries from customers and non customers – message, name and social media account details – received via our Facebook, Twitter or Instagram accounts – held for up to two years, and used to answer query and follow up.
- Mailing List – name and email address – populated by those registering to receive our email newsletters via our website, or opting in through a newsletter sign up form via Facebook or Twitter. Your subscription preferences may be changed by you at any time and it is easy to unsubscribe from our mailing list. There is a clear automatic unsubscribe option at the bottom of each email, or you can contact us and we will remove you from the list.
- Health and Registration Forms from customers – name, contact details and health information – completed via our booking system Bookwhen or via a paper Physical Activity Readiness Questionnaire in class. Your information has been collected to enable us to work with you in the safest and most appropriate way and is held for at least seven years in order to comply with professional insurance requirements.
- Telephone numbers – used to contact you about last minute class cancellations – held on file for the duration of our relationship.
- Attendance registers – data collected in class – used for class management, and held for at least seven years in order to comply with professional insurance requirements.
- Payment data, excluding card information which we do not receive at any time. Saved for at least seven years in order to comply with accounting and tax obligations.
- Website cookies set automatically by our software. We do not knowingly access these or pass to third parties.
8 How do we protect personal data?
We take appropriate measures to ensure that the information we hold about you is kept secure, accurate and up to date and kept only for as long as necessary for the purpose for which it is used.
Your information is stored securely. When data is stored on paper, for example when you complete a paper PARQ form, it is kept in a secure locked cabinet where unauthorised people cannot see it. Data printouts are shredded and disposed of securely when no longer required. When data is stored electronically, it is protected from unauthorised access, accidental deletion and malicious hacking attempts by protecting it by strong passwords that are changed regularly and never shared. Data is stored only on a designated drive and computer, and backed up frequently. Data is never saved directly to mobile devices like tablets or smart phones, other than an encrypted device. All data is protected by approved security software and a firewall.
9 Sharing your personal data
Your information is confidential and will never be shared with anyone else. Except where required by law, we do not share data with third parties. We will never sell your contact details.
10 Your rights and your personal data
You have the following rights with respect to personal data we hold about you: –
• The right to request a copy of your personal data which we hold about you;
• The right to request that we correct any personal data if it is found to be inaccurate or out of date;
• The right to request your personal data is erased where it is no longer necessary for us to retain such data;
• The right to withdraw your consent to the processing at any time;
• The right to request that the data controller provide the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability);
• The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
• The right to object to the processing of personal data;
• The right to lodge a complaint with the Information Commissioners Office.
12 Contact Details
Should you have any questions or queries about this policy or how we handle your data, or to exercise all relevant rights, please contact Laura Kinnunen at firstname.lastname@example.org