Sustainable Fitness Privacy Statement – March 2021
Information Commissioners Office Registration:
As you may be aware the Data Protection 1998 Act is changing to the General Data Protection Regulation (GDPR) which gives everyone much more control over their own data and how it is processed and shared and ensure transparency from who holds data.
So, we would like to let you know the following:
Reasons/purposes for processing information
We process personal information to enable us to provide treatment and advice to our clients; to promote our services, to maintain our own accounts and records and to support and manage our employees.
Type/classes of information processed
We process information relevant to the above reasons/purposes. This may include:
Enquiries from non-customers – message, name and email address – received via our website or by email – held for up to a year, and used to answer query and follow up.
Mailing list – name and email address – populated by people registering on our website or opting in on an enquiry form.
Health and registration forms from clients – name, contact details and health information – completed via our website or in class – used for client management, and held for at least seven years for insurance purposes.
Booking system – data collected from enquiries and consultation forms – used for appointment management and held for at least seven years for insurance purposes.
Notes on sessions – data collected during sessions – used for treatment management and held for at least seven years for insurance purposes.
Emails – sent from clients and non clients. Important messages are saved in our filing system, otherwise emails retained for up to two years.
Payment data, excluding card information which we do not receive at any time. Received via accounting and banking systems and saved for at least seven years for accounting and tax obligations.
Website cookies – set automatically by our software. We do not knowingly access these or pass to third parties.
Specifically, the personal details we store are:
- family details
- business activities of the person whose personal information we are processing
- lifestyle and social circumstances
- financial details
- education and employment details
- goods and services
We also process sensitive classes of information that may include:
- physical or mental health details
- racial or ethnic origin
- religious or other beliefs
Who the information is processed about
We process personal information about:
- clients
- employees
- suppliers
- professional advisers and consultants
- complainants, enquirers
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themselves and with other third parties. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required by law and for the normal purpose of carrying out our business may we share information with:
- GPs, other professionals involved in the care of the client this is necessary in certain circumstances to complete and fulfil our treatments in an appropriate and safe manner.
For queries about Data Protection, please contact:
Jo Stewart
jo@susfit.co.uk