The way we collect, store an use personal data is changing from 25th May 2018 with the introduction of the General Data Protection Regulation.
As a health and fitness professional, I need to collect a substantial amount of personal information. In the main this is done through health questionnaires (PAR-Q) and parental consent forms for my children's classes. Email addresses/ phone numbers may be collected via enquiry forms on this website or zumba.com.
In light of this, I have audited the way I collect, use and store data, and have summarised below what my policy is going forward.
I do not, and never will, share information with third parties. Any data or personal information collected is used solely in connection with my work as a dance and fitness instructor.
We at Nic Appleton Dance & Fitness want to make sure all the personal information we have collected about you, is safe and secure whether we collect it through our website here, or from other sources. This Policy set outs our commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how we collect, store and use your personal information.
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we not required to do so, but I (NIc Appleton) have overall responsibility for data protection compliance in our organisation. If you have any questions about this Policy or what we do with your personal information, their contact details are set out in the "Contact" section below.
Collecting specific, relevant personal information is a necessary part of us being able to provide you with any services you may request from us or in providing services to our customers and members or just managing our relationship with you.
When we hold or use your personal information as a data controller (see below for a description of what this is) we will provide you with a privacy notice which sets out in detail what information we hold about you (such as your contact details, address, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.
Where we collect personal information from you directly, we will provide this privacy notice at the time we collect the personal information from you. Where we receive your personal information indirectly, we will provide this privacy notice when we first contact you, first pass the data to someone else or within a month, whichever is the earlier.
We will only provide this privacy notice to you once, generally at the start of our relationship with you. However if the applicable privacy notice is updated substantially, then we may provide you with details of the updated version. You are encouraged to check back regularly for updates.
THE DIFFERENCE BETWEEN DATA CONTROLLERS/PROCESSORS
A data controller is a person who controls how personal information is processed and used. A data processor is a person who processes and uses personal information in accordance with the instructions of a third party, i.e. the data controller.
This distinction is important. You have certain rights in relation to your personal information, for example the right to be provided with the personal information held about you and details of its use and the right to have certain of your personal information either erased or anonymised, commonly referred to as the right to be forgotten (see below to see what rights you have). These rights can generally only be exercised against a data controller of your information.
In most cases we will be a data controller of your personal information. In any case where we are not a data controller this means that you cannot exercise these rights against us directly (i.e. where we only act as a data processor), but you can do so against the data controller (i.e. the person who controls how we process the personal information). In these cases we will endeavour to inform you who is the data controller of your personal information so that you can direct any such requests to them.
Also it is only a data controller that will provide you with a privacy notice about your personal information, so where we process your personal information as a data controller we will provide you with a privacy notice. Where we process your personal information as a data processor for a third party, that third party should provide you with a privacy notice which will set out details regarding the processing of your personal information, which should also include the processing to be carried out by us on their behalf.