WHAT IS ‘GDPR’
On 25th May 2018 the GDPR comes into force. This is new legislation which requires that businesses justify why it is necessary for them to hold some data about their customers and explain what personal data they store and how it is processed. It also requires that businesses inform you of your right to view data held about you and/ or have this information deleted at any time if you wish
The Data SHTC holds about their customers is very minimal and not especially ‘sensitive’ – eg I don’t ask for your credit card / bank details as I only deal in cash transactions. I don’t collect your physical street address or phone number.
WHAT IS COLLECTED, HOW IT IS PROCESSED AND WHY IT IS NEEDED
1. Paper registration form – name, email address and signature (required by my PL Insurance) – stored in a box in my loft
2. Paper class register – your name and amount paid each week (required by Inland Revenue) – carried to classes
3. Email Account -I transfer your name and email address from the registration form and / or your original email enquiry to my email address book (to make it easy to communicate with you about class cancellations etc) I will add your contact record to list/s within my email account pertaining to the class/es you attend so I can send a simple group email to a specific class group.
WHY WE ASK YOU TO CONSENT TO YOUR DATA BEING STORED & WHAT ELSE MIGHT BE STORED AS WELL AS EMAIL AND NAME?
If you consent to your Data being stored I will never share it with anyone except, in certain circumstances, my Insurance Company – see below*
Storing your email address is that I can quickly notify you of classes that are cancelled and communicate with you occasionally about other events which may be of interest. All emails are sent ‘BCC’ this means your email address isn’t visible to anyone else
Data stored will consist of your name, email address, date you first attended the class and what class you attended. * I may make a note of anything you told me about a health condition you mentioned and any advice I gave you, as this is required by my insurance company in the event of a claim being made against my policy. This may be stored on your registration form paper copy and / or electronically on your Contact Record in my email address book.
EXAMPLE OF DATA STORED
The following is an example of the type of data record I keep
For example: Cherry Collins, enquired via my website on 12/8/17 about Monday Hawley Qigong. Came along to class on 13/9/17. Cherry is a Tai Chi Teacher, Red hair, Says she gets asthma and carries an inhaler in her bag. I asked her to get her Doctors consent to do Qigong in respect of her astham as I couldn’t offer advice on this myself when she asked. Works shifts so might alternate between days and eves. Came back to Monday Hawley Qigong class on 5/10/17, her doctor says it’s fine to take part she says. Found us via a recommendation by her sister Joan Belshaw who attends the Thursday Aldershot class……. Jan 2018 – going to China for 2 months so won’t be back till march – keep her on the mailing list, she’s says she’s loving it. Also interested in Chen Tai Chi when we have a new intake – added her to Chen waiting list.
I keep this type of additional info to help me to help you in a medical emergency & for insurance reasons and other info because it helps me to remember you, so that I can add a personal touch – how was your holiday in China, is your sister still enjoying the classes, how’s your asthma been since you started the classes etc– because we all need to feel connected
HOW I PROTECT YOUR DATA
No one has access to your registration forms apart from me (and a cover teacher if applicable on your first visit)
No one has access to the info stored in my email address book apart from me
My computer and phone (email access points) are password protected
Passwords are changed monthly. Both my phone and computer are protected with up to date antivirus software. If I ever dispose of my computer I will format the hard drive or drill a hole through the hard disc is the computer had broken down
Paper copies of registration forms will be burnt when the time comes to dispose of them.
LINKS / INTERNET SAFETY
I keep a backup of your name and email address on my computer. No-one else has access to my computer. The computer is password protected. The backup would be used to restore data to my email account should it be lost. It would also be used to notify you in the unlikely event that my email account was hacked and your data compromised.
WHAT IF YOU DON’T WANT TO CONSENT?
Without a valid registration form you will not be eligible to participate in my classes, as per the terms of my Public Liability Insurance. If you consent to me holding a paper registration form and your name in my paper register, but not to holding any electronic Data, then you may still participate in classes but you will not be notified of class cancellations / holidays or venue access codes