How, When and Why I collect your information.
When you request to join a class, or a waiting list for a class, I add your name to an email group. Please see below for how I manage mailing lists. When you start a new class, I ask clients to complete a registration form, which asks for Name, contact details, GP contact details, Emergency (next of kin) contact details. This ensures that I am able to contact you, and it also fulfils my professional standards according to Chartered Society of Physiotherapy’s Quality Assurance Standards for Physiotherapy service delivery. I also gather information about your lifestyle, your goals and your medical background. This data constitutes Special category data under GDPR Article 9 (2). This enables me to screen your suitability for the class, and to highlight any particular problems you have, that will require me to make suitable adaptations to the exercises given in class. It’s to help keep you moving safely! Information about your lifestyle and work, also helps me to foster a holistic view of you as a whole person, so that I can be sensitive to any external stresses on your body or mind.
How I store it and keep it secure.
Your records are kept safe in an A4 binder that stays with me during the class. At my home the file is stored in a locked filing cabinet. When you leave the class, your records are transferred to an archive section of the same filing cabinet, and remain there for the legal duration that I am bound to keep them. The Chartered Society of Physiotherapy advises that this duration should be eight years from the date of last treatment for adult records, and for children eight years after their 18 birthday or until 25 years of age.
I may also hold your name and telephone number on my mobile phone, so that I am able to contact you quickly and easily to arrange, change or cancel classes or appointments.
Visitors to the Website
When you visit www.basepilates.co.uk I use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. I do not make, and do not allow Google to make, any attempt to find out the identities of those visiting my website.
My business is still relatively small so I collate my email lists manually and send emails directly from a Google for business account (G Suite). Google has made amendments to its privacy and security protections in order to be GDPR compliant, and I have updated my account to accept their Data Processing Amendment. Google regularly updates users with any changes, and these are reviewed and updated as appropriate. You can find out more information about Google and GDPR here: https://cloud.google.com/security/gdpr/
I usually send out group emails to let clients know about the class times and any changes to that schedule. When I send group emails, I enter the recipients under ‘bcc’ so that nobody else can see your email address. If you’d like to swap email addresses with another client you’ve befriended in class – I’ll leave that up to you! Sometimes I send group emails that are not bcc, and this would occur within a group of friends or colleagues who have commissioned me to teach a class at their workplace or other pre-arranged venue.
If you contact me to find out about classes, I will add your email to the waiting list email group with your consent. If you later tell me you no longer need to be on the waiting list, I’ll remove your details from my database.
Like many small businesses, I use Facebook and Twitter to help share information about my services, and connect with potential and existing clients. It’s fun! You should know that if you choose to interact with me via social media, you are agreeing to the terms and conditions of those platforms.
I don’t routinely share personal information with any third parties. If you were to become unwell during a class, I may then share your information with any attending emergency services, or with your GP if that is more appropriate. If necessary I would also inform the emergency contact person that you have given me on your registration form. Similarly, if I had any concerns about you that you might harm yourself or others, I would be legally obliged to share that information with relevant health and social care providers.
Right to Access your Personal Data
Under the General Data Processing Regulations, 2018 people have the right to access information that we have stored about them.
If you want to view, amend or delete your personal data as is your right, please contact me at email@example.com. Legal exemptions may apply.
Changes to Privacy Notice
This policy was created on the 19th June 2019 and will be reviewed annually, or at any time that my data controlling methods or practices change before that date.