The new Data Protection Legislation came into force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR) is EU wide legislation and has become the 2018 Data Protection Act.
As a client of Addictive Fitness Limited, we are updating you to advise you how we will be handling your data to comply with the new General Data Protection Regulation (GDPR).
We have created this privacy statement in order to demonstrate our firm and continuing commitment to the privacy of personal information provided by those visiting and interacting with. We hold the privacy of your personal information in the highest regard.
We recognise the importance of protecting your privacy and our policy is designed to assist you in understanding how we collect, use and safeguard the personal information you provide to us and to assist you in making informed decisions. This policy will be continuously assessed against new technologies, business practices and our customers’ needs.
The name and contact details of our organisation(s):
Who is our data protection officer (DPO)?
What data do we hold / collect?
- Your Name
- Health Conditions
- Fitness Lifestyle / Activities
- Email / Telephone / Contact details
- Payment Details
- Emergency Contact Details
Website / booking system:
When you visit MINDBODY to book classes at Addictive Fitness Ltd, you will need to provide personal information. We will only use your data for the purpose for which it was collected. We use personal information for purposes of administering our business activities, providing the products and services you requested, to process your payment, to monitor the use of the service, our marketing and promotional efforts and improve our content and service offerings.
How long do you keep my information? When does the ‘right to be forgotten’ apply
The ‘Right to be Forgotten’ applies when the personal data is no longer necessary for the purpose, which we originally collected or processed it for.
However please note it is a condition of our Insurance Policy and generally accepted UK wide to take and retain client records. These records shall be kept for at least 7 years following the last occasion on which treatment / session was given. In the case of treatment / session involving minors, it is advisable that records should be kept or at least 7 years after they reach the age of majority (18). After which your information will be securely erased as requested.
How do you store my information?
Your personal information is kept (if on paper) via a locked fireproof cabinet. If your personal information is kept online it will be securely via those listed below.
What systems that are online is my information kept and therefore have their own GDPR policies?
Booking System Payment System Other
- Go Cardless
Who has access to my information?
Only those who need to see your information to fulfil the business requirements will see your information.
This will be your Addictive Fitness Ltd instructors:
- Karen Gaunt
- Ellie Bradsell
- Amie Beth Sabin
- Katey McCorkell
- Naomi Scott
- Jennifer Gardner
- Sofia Adams
- Alison Williams
- Elli Cooper
Personally identifiable information or business information will not be shared with parties except as required by law.
What about legally compelled ‘disclosure of information’?
We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights. We may also disclose account information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our Terms of Service or to protect the safety of our users and the Public.
Can I see what information is held about me?
Individuals have the right to access their personal data and supplementary information known as a ‘Subject Access Request’. The fee of £30 per request is based on the administrative cost of providing the information. Information will be provided without delay and at the latest within one month of receipt.
However, please note you do have access to all of the information we hold, which you have provided via your booking account. The above administrative fee would apply if you wish to have physical copies of such information.
Sharing and selling information
We do not share, sell, lend or lease any of the information that uniquely identify a client (Such as email addresses or personal details) with anyone except to the extent it is necessary to process transactions or provide services that you have requested.
Can I have my information updated?
Most certainly yes, we request that your information is as up to date as possible in order for us to provide the best services possible. You have the right to have inaccurate personal data rectified, or completed if it is incomplete, or you can make a request for rectification in writing. We have one calendar month to respond to a request from date of receipt, although for reasons stated above we will endeavour to meet such request as soon as physically possible.
Do you review the GDPR and privacy information?
We will post any changes here, so be sure to check periodically.
Acquisition or changes in ownership
In the event that the company and/or website (Or a substantial portion of its assets) is acquired, your information would be considered part of those assets, and may be part of those assets that are transferred.
Our commitment to data security
Please note that your information will be stored and processed on our computers in the United Kingdom. The laws on holding personal data in the United Kingdom may be less stringent than the laws of your Country of residence or citizenship. To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
When you visit the websites listed below, you will provide us with two types of information: personal information you knowingly choose to disclose that is collected on an individual basis and websites use information collected on an aggregate basis as you and others browse the websites.
Website use information
Similar to other commercial websites, our website utilises a standard technology called “cookies” (See explanation below) and web server log files to collect information about how our website is used.
Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our websites, the websites visited just before and just after ours listed above.
What are ‘cookies’?
A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (To protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Browsers are usually set to accept cookies.
A cookie cannot retrieve any other data from your hard drive or pass on computer viruses.
How do we use information we collect from cookies?
This helps us gather feedback to constantly improve our websites and better serve our clients.
Cookies do not allow us to gather any personal information about you and we do not intentionally store any personal information that your browser provided to us in your cookies.
IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer. IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (Such as the Web pages you request) can be sent to you.
What about other websites linked to our websites?
Closed circuit television (CCTV)
Addictive Fitness Limited uses closed circuit television (CCTV) images to protect the Company’s property and to provide a safe and secure environment for instructors and students within the business premises. This policy sets out the details of how Addictive Fitness will collect, use and store CCTV images.
Location of cameras
Cameras are located within Addictive Fitness Ltd studio so that they only cover communal or public areas; on the front entrance and in the main studio. There are no cameras within the toilet facilities, the kitchen or the beauty / treatment room.
There are no hidden cameras, all cameras are clearly visible.
Appropriate signs are displayed so that instructors, students, student parents, and other visitors are aware they are entering an area covered by CCTV.
Recording and retention of images
Images produced by the CCTV equipment are intended to be as clear as possible so that they are effective for the purposes set out above. Maintenance checks of the equipment are undertaken on a regular basis to ensure it is working properly and that the media is producing high quality images.
Images are recorded in constant real-time (24 hours a day throughout the year).
As the recording system records digital images, any CCTV images that are held on the hard drive are deleted and overwritten on a recycling basis and, in any event, once the hard drive has reached the end of its use, it will be erased prior to disposal.
Images that are stored on, or transferred on to, removable media such as CDs or which are stored digitally are erased or destroyed once the purpose of the recording is no longer relevant. In normal circumstances, this will be a period of 12 months]. However, where a law enforcement agency is investigating a crime, images may need to be retained for a longer period.
Access to and disclosure of images
Access to, and disclosure of, images recorded on CCTV is restricted. This ensures that the rights of individuals are retained. Images can only be disclosed in accordance with the purposes for which they were originally collected.
The images that are filmed are recorded centrally and held in a secure location. Access to recorded images is restricted to the director (Karen Gaunt). Viewing of recorded images will take place in a restricted area to which others will not have access when viewing is occurring.
Disclosure of images to other third parties will only be made in accordance with the purposes for which the system is used and will be limited to:
- The police and other law enforcement agencies, where the images recorded could assist in the prevention or detection of a crime or the identification and prosecution of an offender or the identification of a victim or witness.
- Prosecution agencies, such as the Crown Prosecution Service.
- Relevant legal representatives.
- Instructors involved with Company disciplinary and performance management processes.
- Individuals whose images have been recorded and retained (unless disclosure would prejudice the prevention or detection of crime or the apprehension or prosecution of offenders)
The Director (Karen Gaunt) is the only person who is permitted to authorise disclosure of images to external third parties such as law enforcement agencies.
All requests for disclosure and access to images will be documented, including the date of the disclosure, to whom the images have been provided and the reasons why they are required. If disclosure is denied, the reason will be recorded.
Individuals’ access rights
Under the UK’s data protection laws, including the General Data Protection Regulation (GDPR), individuals have the right on request to receive a copy of the personal data that Addictive Fitness Limited holds about them, including CCTV images if they are recognisable from the image.
If you wish to access any CCTV images relating to you, you must make a written request to Karen Gaunt via the email address firstname.lastname@example.org
Addictive Fitness Limited will usually not make a charge for such a request, but we may charge a reasonable fee if you make a request which is manifestly unfounded or excessive or is repetitive. Your request must include the date and approximate time when the images were recorded and the location of the particular CCTV camera, so that the images can be easily located and your identity can be established as the person in the images.
Addictive Fitness Limited will respond promptly within one week, where possible, of receiving a request.
Addictive Fitness Limited will always check the identity of the individual making the request before processing it.
Addictive Fitness Limited will always determine whether disclosure of your images will reveal third party information, as you have no right to access CCTV images relating to other people. In this case, the images of third parties may need to be obscured if it would otherwise involve an unfair intrusion into their privacy.
If we are unable to comply with your request because access could prejudice the prevention or detection of crime or the apprehension or prosecution of offenders, you will be advised accordingly.
Karen Gaunt is responsible for the implementation of and compliance with this policy and the operation of the CCTV system and will conduct a regular review of its use and processing of CCTV images and ensure that at all times it remains compliant with the laws regulating data protection and privacy. Any complaints or enquiries about the operation of the Company’s CCTV system should be addressed to Karen Gaunt at email@example.com.
Addictive Fitness Limited will process the personal data collected in connection with the operation of the CCTV policy in accordance with its data protection policy and any internal privacy notices in force at the relevant time. Inappropriate access or disclosure of this data will constitute a data breach and should be reported immediately to Karen Gaunt.