GDPR Policy 1.7.2020 v.1
Name: Pilates Southend
Contact Information: firstname.lastname@example.org/07503022525
Data Purpose Lawful Basis
Name To keep accurate records Contract
Address To write to you Contract
Telephone numbers To telephone you Legitimate
E-mail address To e-mail you Legitimate
Age To design fitness programme Legal/contract
Gender To design fitness programme Legal/contract
Date of birth To design fitness programme Legitimate
Health history To ensure safety Legal/contract
Current medical conditions To ensure safety Legal/contract
Current fitness statistics To ensure safety Legal/contract
Exercise logs To measure progress/ensure safety Legal/contract
Height/weight/stats To measure progress/ensure safety Legal/contract
The data is processed, held and used by this company only.
Data will not be transferred to third countries.
The data will be held for the duration of the membership and thirty days after the day of termination to enable members to renew if they so wish.
Membership will deemed to have ceased if no contact is received for six consecutive months.
We will retain data for longer periods upon written request of the client.
Data will be retained at the request of any law enforcement or Government agency.
Electronic data will be stored on removable storage and locked away at the administrative address.
Some data exchanged via e-mail may be stored on our server supplied by www.unlimitedwebhosting.co.uk their GDPR information can be accessed at https://www.unlimitedwebhosting.co.uk/terms/privacy-policy
Only authorised staff will have access to the data.
The removable storage will be password protected.
The individual files will be password protected.
All data will be electronic, where this is not possible, data will be held in locked files.
Data is processed with the lawful basis of consent, legitimate interest, contract or legal necessity.
The legitimate interest for collecting data is to provide a safe service and be able to make contact with you to discuss your services.
The right to be informed – to know why we collect the data and what we do with it.
Full information regarding your rights can be found at www.ico.org.uk
We do not use automated decision-making, including profiling
Your personal data will be collected from:
- Shared to us by third parties (e.g., your GP) with your consent
- Records that we create in the duration of your membership
We will retain written records of your consent to process your data where this is required.
You have the right to withdraw your consent at any time.
The data controller and the data processors work for this organisation and therefore do not require external contracts.
Data is securely at the office premises of the business owner and on unlimited web hosting secure server.
- Data Protection Impact Assessment reports; Records of personal data breaches
We have no records of data protection breaches to display.
We process information concerning your health so that we can safely offer an exercise service to you. Information regarding your health is securely stored and only used for the purposes of delivering an exercise programme that does not contraindicate your current health status.
We request you health information directly from you in our PAR-Q assessment form but we may also generate information from observations at sessions. Where we require further information, we will request the consent and guidance of your GP (or other medical professional working with you) in order to deliver our programme. This information will only ever be used for the purposes or your safety. If it is unsafe for you to exercise we will have to decline our services to preserve your wellbeing.
Your health information is extremely sensitive to you and will therefore only be used by us to provide a service to you.
How to access your data
Please make your request in writing, specifying the data you wish to access and allow 30 days from receipt for processing.
We hope that you do not have cause to complain, however, if you are dissatisfied with any aspect of our service, you can complain in writing or by telephone, please contact us via our website at www.pilatessouthend.co.uk or telephone 07503022525 or e-mail email@example.com. We will try to resolve issues as quickly as possible.