Data Protection Policy
The General Data Protection Regulation (GDPR) is an EU Law that came into effect for the UK on 25 May 2018, replacing the current Data Protection Act.
In this policy, ‘Personal data’ means any information relating to a natural person.
I am required to collect personal data so that I can safely and effectively instruct you in baby/child massage and yoga. I will not share your personal data with any 3rd parties, unless required by law to do so. I do all that I can to keep your information secure at all times.
(The sections in bold are the relevant terms used in the General Data Protection Regulation, GDPR, the law)
There are 6 privacy principles which form the core of the GDPR conditions:
Lawfulness, fairness and transparency – inform subject of what, how and why personal data is collected, used and stored
Purpose Limitations – only use personal data for specific and legitimate purposes
Data Minimization – only collect personal data that is necessary for the business function
Accuracy – personal data must be correct and up to date
Storage Limitation – only keep personal data for as long as it is required
Confidentiality – appropriately protect personal data.
In accordance with these principles, I collect personal information relating to you and your baby/child (including, but not limited to, email address, telephone number, date of birth of baby/child, health of you and your baby/child and cultural beliefs) for the purposes of Vital Cores massage and yoga classes only, thereby establishing a Legitimate Interest.
I use the collected information to communicate with you regarding your booked Vital Cores classes; to provide age appropriate and safe massage strokes, movements and stretches; and to be aware of and sensitive to cultural beliefs with regards to childcare practice. This is in your Legitimate Interest.
Your requesting to join one of my classes and my agreement to provide that class constitutes a Contract.
Provided that I have your Consent, I may occasionally send you information about other services that Vital Cores offers. You may withdraw this consent at any time.
I endeavour to keep information that is correct and will rectify any mistakes upon notification. If any previously provided information changes, or if any new information is necessary for the efficient and safe running of massage and yoga classes, upon notification I will make changes as soon as possible so that the data held is accurate and up-to-date.
I have a legal obligation to retain your data for 8 years after your most recent class, but after this period you can ask me in writing to delete your records if you wish, as you have ‘the Right to be Forgotten’.
Your data is stored:
on paper, in locked filing cabinets.
electronically (using Google). This provider has assured that they are fully compliant with the General Data Protection Regulations.
on my laptop. This is password-protected and backed up regularly.
You have the right to request a copy of all the personal information that I hold on you. I will provide this information in a timely manner in accordance to the timeframes established by the GDPR.
I want you to be absolutely confident that I am treating your personal data responsibly and that I am the only person who can access your personal data.
Of course, if you feel that I have mishandled your personal data in some way, you have the right to complain. Complaints need to be sent to me as the sole Data Controller of Vital Cores. Here are the details you need for that:
44 Camborne Road
If you are not satisfied with my response, then you have the right to raise the matter with the Information Commissioner’s Office.
Last Updated: 16 May 2018