As you may be aware there is new Data Protection Legislation coming in to force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR), is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act.
As a client of KPole Dance and Fitness, we are updating you to advise you how we will be handling your data to comply with the new General Data Protection Regulation (GDPR).
We have created this privacy statement for in order to demonstrate our firm and continuing commitment to the privacy of personal information provided by those visiting and interacting with. We hold the privacy of your personal information in the highest regard.
We recognise the importance of protecting your privacy and our policy is designed to assist you in understanding how we collect, use and safeguard the personal information you provide to us and to assist you in making informed decisions. This policy will be continuously assessed against new technologies, business practices and our customers’ needs.
The name and contact details of our Organisation(s): KPole 07800793337 [email protected]
Who is the Data Protection Officer (DPO)? Kim Clifton
What data do we hold / collect? Your Name Address DOB Health Conditions Fitness Lifestyle / Activities Email / Telephone / Contact details Payment Details Emergency Contact Details
We carry out targeted marketing activity to ensure that our communication with you is as relevant and timely as possible, and provides the best experience of accessing KPole’s services. In doing so, we may supplement what we know about you with information from third party sources to help us better understand your background and ensure any notifications are tailored to you and your interests. This also helps us not to send irrelevant or inappropriate communications to our clients, so that we can operate as cost effectively as possible. These third party sources may provide us with the following information:
Facebook marketing We may participate in Facebook’s ‘Custom Audience’ programme, which enables us to display ads to our existing clients when they visit Facebook. We provide your email address, mobile number and address to Facebook so they can determine whether you are a registered account holder with them. Our adverts may then appear when you access Facebook. Your data is sent in an encrypted format that is deleted by Facebook if it does not match with a Facebook account.
For more information please see https://www.facebook.com/business/help/744354708981227 and Facebook’s Data Policy at https://en-gb.facebook.com/policy.php.
What does giving Consent mean? Consent means that the individual (You) have given clear consent for us the business to process your personal data for a specific purpose.
How did you get this data? ‘Explicit Consent’: You freely and knowingly provided your personal data when you booked a class / course / session or service from the organisations listed above therefore you have given ‘Explicit Consent’ for us to hold your data for purposes of providing said service.
‘Informed Consent’: In addition when booking a class / course / session or service from the organisations listed above you will have been asked to give ‘Informed Consent’ for us to process your data for purposes of marketing.
You can at any point ‘Opt Out’ of receiving our marketing emails. After unsubscribing we will discontinue sending the particular messages as soon as technically feasible.
Surveys & Contests: From time-to-time our organisation may request information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose this information.
Information requested may include contact information (Such as name and shipping address), and demographic information (such as post code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of the websites.
What is the purpose of processing my Data? We will only use your data for the purpose for which it was collected.
Broadly speaking, we use personal information for purposes of administering our business activities, providing the products and services you requested, to process your payment, to monitor the use of the service, our marketing and promotional efforts and improve our content and service offerings, and customize our site’s content, layout, services and for other lawful purposes. These uses improve our services and better tailor it to meet your needs.
How long do you keep my information? / When does the ‘Right to be Forgotten’ apply? The ‘Right to be Forgotten’ applies when the personal data is no longer necessary for the purpose, which we originally collected or processed it for.
However please note it is a condition of our Insurance Policy and generally accepted UK wide to take and retain client records. These records shall be kept for at least 7 years following the last occasion on which treatment / session was given. In the case of treatment / session involving minors, it is advisable that records should be kept or at least 7 years after they reach the age of majority (18). After which your information will be securely erased as requested.
How do you store my information? Your personal information is kept (if on paper) via a locked fireproof cabinet. If your personal information is kept online it will be securely via those listed below.
What systems that are online is my information kept and therefore have their own GDPR policies?
Booking System Payment System Other
· Go Team Up · PayPal · Stripe . Go Cardless · Mailchimp (Marketing) . Facebook
Who has access to my information? Only those who need to see your information to fulfil the business requirements will see your information. This will be your KPole instructors: Kimberley Clifton Pam McGhee Eleanor Graves Kirsty Hall
Personally identifiable information or business information will not be shared with parties except as required by law.
What about legally compelled ‘Disclosure of Information’? We may disclose information when legally compelled to do so, in other words, when we, in good faith, believe that the law requires it or for the protection of our legal rights. We may also disclose account information when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be violating our Terms of Service or to protect the safety of our users and the Public.
Can I see what information is held about me? Individuals have the right to access their personal data and supplementary information known as a ‘Subject Access Request’. The fee of £30 per request is based on the administrative cost of providing the information. Information will be provided without delay and at the latest within one month of receipt.
However, please note you do have access to all of the information we hold, which you have provided via your booking account. The above administrative fee would apply if you wish to have physical copies of such information.
Sharing & Selling Information: We do not share, sell, lend or lease any of the information that uniquely identify a client (Such as email addresses or personal details) with anyone except to the extent it is necessary to process transactions or provide services that you have requested.
Can I have my information updated? Most certainly yes, we request that your information is as up to date as possible in order for us to provide the best services possible. You have the right to have inaccurate personal data rectified, or completed if it is incomplete, or you can make a request for rectification in writing.
We have one calendar month to respond to a request from date of receipt, although for reasons stated above we will endeavour to meet such request as soon as physically possible.
Acquisition or changes in ownership: In the event that the company and/or website (Or a substantial portion of its assets) is acquired, your information would be considered part of those assets, and may be part of those assets that are transferred.
Our commitment to data security: Please note that your information will be stored and processed on our computers in the United Kingdom. The laws on holding personal data in the United Kingdom may be less stringent than the laws of your Country of residence or citizenship.
To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
Website Use Information: Similar to other commercial websites, our website utilises a standard technology called “cookies” (See explanation below) and web server log files to collect information about how our website is used.
Information gathered through cookies and web server logs may include the date and time of visits, the pages viewed, time spent at our websites, the websites visited just before and just after ours listed above.
What are ‘Cookies’? A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookie to your browser if your browser’s preferences allow it, but (To protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. Browsers are usually set to accept cookies.
A cookie cannot retrieve any other data from your hard drive or pass on computer viruses.
This helps us gather feedback to constantly improve our websites and better serve our clients.
Cookies do not allow us to gather any personal information about you and we do not intentionally store any personal information that your browser provided to us in your cookies.
IP Addresses: IP addresses are used by your computer every time you are connected to the Internet. Your IP address is a number that is used by computers on the network to identify your computer.
IP addresses are automatically collected by our web server as part of demographic and profile data known as traffic data so that data (Such as the Web pages you request) can be sent to you.
What about other websites linked to our websites? We are not responsible for the practices employed by websites linked to or from our websites or the information or content contained therein. Often links to other websites are provided solely as pointers to information on topics that may be useful to the users of our websites.