JANE THOMAS PILATES PERSONAL DATA AND PRIVACY POLICY
INTRODUCTION TO JANE THOMAS PILATES
JANE THOMAS PILATES is a fitness and general health organisation, established in 2001 and is a sole trader business. The basis of the company is that we provide small-group matwork Pilates classes in several venues around the local area.
PERSONAL DATA AND PRIVACY
In order for Jane Thomas Pilates to fulfil its function, we process personal data which relates to participants of our classes. Jane Thomas Pilates is committed to maintaining the appropriate confidentiality, integrity and security of personal data that we process by complying with both our legal and ethical obligations in respect of data protection and privacy. This policy sets out the principles Jane Thomas Pilates adheres to when processing personal data and outlines the operational aspects of our various data processing activities.
WHAT PERSONAL DATA DO WE COLLECT?
Personal data is any information relating to an identifiable living individual. We collect information about individuals in three distinct ways:
1 Personal/contact information: names, gender, contact (telephone, email, address, and dates of birth), as well as specific health details directly related to Pilates participants. These details are supplied to us by a participant on a pre-exercise health questionnaire that all participants must complete for our insurance purposes, prior to exercising with us. The data on this questionnaire is held securely for as long as a participant remains with us.
2 Newsletter: our weekly Newsletter is sent to anyone who actively subscribes to it by entering their email address and name in a signup box on our website. The Newsletter mailing list of names and email addresses is maintained on AWeber. As subscribers sign up to the Newsletter themselves through our website signup box, this ensures that subscribers have knowingly opted in to receive the Newsletter. We do not add subscribers ourselves, and we do not pass subscribers’ email details to any third party.
3 Payment information: if participants join our Monthly Payment Plan we process details of their chosen payment card onto our banking system (Worldpay). Once these card details are entered into the system we shred and delete any paperwork containing participants’ details. Also, once card details are entered onto our banking system we can no longer see those details.
If individuals choose to supply any other information we handle this securely and treat it with appropriate confidentiality.
WEBSITE VISITORS
We do not track activity of visitors to our website. Any cookies used are purely to aid viewers’ site experience.
WHAT DO WE DO WITH YOUR PERSONAL DATA?
Jane Thomas Pilates will use the personal data provided on pre-exercise health questionnaires to give participants the most appropriate Pilates experience.
We will also use the contact details supplied by participants on the pre-exercise health questionnaire to provide them with information on their specific classes and sessions. For example, if a class is to be cancelled due to adverse weather conditions we will email, text, or call clients to let them know. Subscribers to our Newsletter can opt out of receiving the Newsletter or change their preferences at any time by using the ‘Unsubscribe’ or ‘Change Subscriber Options’ links provided at the very bottom of each Newsletter, or by contacting: Jane Thomas Pilates, 9 Great Central Road, Loughborough LE11 1RW, or via email to office @ janethomaspilates.co.uk.
WHAT IS THE LEGAL BASIS FOR OUR DATA PROCESSING?
By law, Jane Thomas Pilates may only process personal data where it has a legal justification or requirement to do so. In accordance with that law, Jane Thomas Pilates processes personal data as described above because it is:
◆Necessary for the performance of our Pilates classes and sessions with our participants; and/or
◆Necessary for the purposes of Jane Thomas Pilates’ legitimate interests, namely to fulfil its function as a fitness and health organisation in accordance with applicable law and regulations and to conduct and manage our relationship with specific individuals. Where we use your personal data for Jane Thomas Pilates’ legitimate interests, we make sure that we take into account any potential impact that such use may have on you. If we believe your interests or fundamental rights and freedoms override our legitimate interests then we will not use your personal data on this basis and may seek your specific consent, and/or
◆Necessary for compliance with its legal obligations.
Jane Thomas Pilates would not be able to fulfil its function as a fitness and health organisation safely without processing personal data as described in this policy. If you have any concerns about our processing please refer to details of “Your Rights in Relation to Personal Data” below.
YOUR RIGHTS IN RELATION TO PERSONAL DATA
Individuals whose personal data we process have certain rights in respect of that data, including:
◆RIGHT TO INFORMATION AND ACCESS — You have the right to request access to the information that we hold about you. In accordance with data protection laws, participants also have the right to receive a copy of any information we hold about them. On request, Jane Thomas Pilates will provide participants with copies of their personal data in a convenient format. Where technically feasible, Jane Thomas Pilates will also meet any participant’s request to transfer their data to a third party.
◆RECTIFICATION, ERASURE, AND RESTRICTION — You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. In responding to such requests, Jane Thomas Pilates will communicate to the individual concerned the impact of such restrictions or deletions, for example, on Jane Thomas Pilates’ ability to teach Pilates classes on their behalf. Jane Thomas Pilates takes reasonable steps to ensure that the personal data it holds about you is accurate and up-to-date and we will comply with any requests to rectify any inaccurate data we may hold about you. Requests for access to information regarding personal and financial information should be made in writing to Jane Thomas Pilates, 9 Great Central Road, Loughborough LE11 1RW, or via email to office @ janethomaspilates.co.uk, or by phone 07778019765.
◆RIGHT TO OBJECT — You have the right to object to Jane Thomas Pilates using your information on the basis of its legitimate interests and the right to ask us not to process your personal data where relevant (see “What do we do with your personal data?” section above).
Jane Thomas Pilates is committed to respecting individuals’ rights. You may action your rights by contacting us using the details provided above and we will comply with your requests unless we have a lawful reason not to do so. Jane Thomas Pilates will endeavour to handle any requests within a reasonable period and, in any event, within a month of the original request.
HOW JANE THOMAS PILATES MIGHT SHARE YOUR PERSONAL DATA
Jane Thomas Pilates will only share personal data with third parties in the following three ways:
1 OTHER HEALTH PROFESSIONALS — with your express permission Jane Thomas Pilates will share relevant personal data with other health professionals, intended solely for your benefit.
2 SERVICE PROVIDERS AND SUPPLIERS — Jane Thomas Pilates may employ:
◆external IT consultants to provide support and development services in relation to Jane Thomas Pilates’ systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development.
◆third party providers to facilitate certain communications on its behalf, such as mail-outs providing notices of company meetings and elections, which requires them to access contact data. All such third parties are vetted by Jane Thomas Pilates to ensure they provide adequate levels of security when processing data.
3 GENERAL — In some circumstances, Jane Thomas Pilates may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
In all cases we require third parties to maintain appropriate security and confidentiality to protect information from unauthorised access or processing.
DATA SECURITY
Jane Thomas Pilates will take appropriate technical and organisational measures to protect the personal data we transmit, store or otherwise process against accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access. To this end, data stored on Jane Thomas Pilates computers and portable devices is password protected, and we do not send personal data of any participant over email.
The members’ area of the Jane Thomas Pilates website requires entering a username/email address and password which is encrypted and known only to the member.
Debit or credit card details that participants provide to Jane Thomas Pilates to pay for services are entered onto our secure banking system which takes single payments and automatic monthly payments on our behalf. Once card details are entered, the information cannot be viewed fully again (card numbers are masked out, e.g. ****1111).
All paper pre-exercise health questionnaire forms are scanned into electronic format and stored on a database which is password and firewall protected. The paper forms are shredded. On a daily basis participants’ personal data are backed up to a secure location. Unfortunately, as no data transmission over the Internet can be guaranteed to be 100% secure, Jane Thomas Pilates cannot guarantee the security of any Internet communication or transmission, though we strive to protect your personal data online, including through use of encryption and other measures. If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately by contacting us using the details below.
Prior to introducing new systems or technologies relevant to the processing of personal data, Jane Thomas Pilates will undertake the necessary impact assessments with a particular focus on any associated risks, and the system will be detailed here in our Personal and Data Privacy Policy.
HOW LONG DOES JANE THOMAS PILATES RETAIN PERSONAL DATA?
Jane Thomas Pilates will only retain personal data for as long as is necessary to provide our services or for as long as we reasonably require to retain the information for our lawful business purposes or comply with a statutory or other legal requirement. Please contact us if you require further information about our retention policies.
DATA BREACHES
In the event of any breach of Jane Thomas Pilates systems impacting on the security of a participant’s or any other individual’s personal data, Jane Thomas Pilates will inform the affected participant(s) or individual(s) at the earliest opportunity describing the nature of the breach, the possible consequences and the measures being taken to remedy the situation in accordance with our procedures and applicable law.
COMPLAINTS
If you are unhappy with the way in which Jane Thomas Pilates processes your personal data, please contact us using the information provided below. You also have the right to lodge a complaint before the Information Commissioner’s Office (ICO), which is the UK data protection authority. Their contact details are as follows: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Telephone: 0303 123 1113 or 01625 545 745; or see their website.
CONTACT US
Please direct any comments or enquiries relating to this policy to: Jane Thomas Pilates, 9 Great Central Road, Loughborough LE11 1RW, or via email to: office @ janethomaspilates.co.uk.
UPDATING THIS POLICY
From time to time we may change our data processing activities. We will notify you of any changes to this policy as required by law. We will also post an updated version on our website.
Date: 1st April 2018