Data Protection Policy - May 2018
​
Introduction
​
I will to the best of my ability adhere to the data protection principles of the General Data Protection Regulation (GDPR), effective from 25 May 2018. These are:
​
-
Personal data shall be processed fairly and lawfully.
-
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
-
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
-
Personal data shall be accurate and, where necessary, kept up to date.
-
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
-
Personal data shall be processed in accordance with the rights of data subjects under this Act.
-
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
-
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
​
Use of personal data
The information that you provide on your Health Declaration form will be stored securely in that format. The emergency contact information will be used to inform your nominated contact if an emergency arises during a class. The information you provide on your Health Declaration form may be shared with professional medical personnel with your permission, should the situation arise.
Email enquiries sent to www.yogawithchet.com via the contact form, or to the yogawithchet@gmail.com email address are hosted by Gmail. Your email address and telephone details may be stored electronically on a password-protected computer. Your email or telephone details will be used to contact you in relation to classes or information you have signed up for or expressed an interest in, by me or my representative.
​
The privacy notice on the website and this data protection policy will serve to inform individuals of the use that will be made of the information. Data collected will not be shared with third parties (other than the emergency services if necessary).
​
​
Privacy Notice
​
The data you provide to Yoga with Chet will be stored securely and will be used for the purposes of administering your enquiries and attendance at yoga classes in accordance with the Data Protection Policy, which is available at www.yogawithchet.com and is in accordance with the General Data Protection Regulation.
​
Deletion of data
​
At any time you can request that your records be deleted by sending a message via the website contact form or emailing yogawithchet@gmail.com. The Health Declaration form will be destroyed by shredding within 8 weeks of your last attendance at class. Your email address and any email correspondence will be deleted once your enquiry has been completed or for up to 8 weeks after your last attendance at a class, as appropriate.
​
Right to a copy of information held
On request an individual will be provided with a copy of the Health Declaration form within 40 days of the request. The request can be made in person at your normal class, in writing via the website contact form, or email.
​
Information Security
Personal data on the Health Declaration form is stored securely in the original paper format only, with the exception of your email address, which may also be stored on a password protected personal computer. Your telephone number is only stored on the Yoga Student Record.
​
No personal data will be passed to an individual who is not the individual concerned, except in the case of medical personnel in an emergency in class.
​
Personal data passed on to the individual concerned will be handed to them in person or sent to the home address provided on the Health Declaration form.
​
On receiving or making a phone call I will establish the identity of the caller before disclosing or amending any of their personal data.
​
Care will be taken to prevent virus attacks by ensuring computers have virus protection software and undergo regular software updates and care should be taken when opening email attachments and when visiting new websites.