Nikki Hambling is the data controller and processor.
Our staff are fully aware of these regulations and have been informed via this policy and a staff data processing training plan.
Orchid Fitness is committed to complying with the Data Protection Act 1998, the General Data Protection Regulation (GDPR) from 25th May 2018 and The Privacy and Electronic Communications (EC Directive) Regulations 2003. By using the website, you are consenting to us processing your information in the ways stated here.
What information do we collect and why?
Orchid Fitness usually collects and processes your data through consent. Sometimes there is a contractual reason, such as being able to process a bank payment or refund. Occasionally there may be a legal reason for collecting data (e.g. should you have an accident, we may need to provide details of this to the relevant health and safety authorities).
Orchid Fitness may also process your data based on our legitimate business interests, for example in order to inform you of dates and times or class changes.
The information we collect may include any of the following:
Any personal details you give us.
Information you type into the website or provide when you join a class or have a massage treatment. This information may include your personal contact data, fitness-related data or health-related data. We use this to provide you with the services you request, to tell you about our services and to keep in contact with you. If you contact us by email, via the website, in person or by telephone, we may keep a record of your contact information and enquiry and may subsequently use your contact details to respond to your enquiry or send more information about the class or massage you book.
Information which allows us to recognise you, including photographs.
We will always ask for separate permission to use your photograph.
Sensitive Health Data
Orchid Fitness collects any personal health data you provide to us when registering and signing up for our health services. We collect this information to ensure we are offering you the right services and so your safety within the classes / massage can be ensured.
We may ask you for information about your health in order to recommend appropriate exercise regimes or offer our other services.
At present Orchid Fitness does not use direct debit or card payment machines. This may change and if we do, we will process bank card information at the time we take payment. This data is not stored on our systems and is processed on Payment Card Industry Data Security Standard compliant banking systems.
We will record customer comments about how we are performing. With your permission we will share them on the website and other social media.
Other Sensitive data
Your communications preferences.
We keep a record of any permissions and preferences you give us about what types of communication you are happy to receive from us.
How do we store and protect your personal information?
These are the basic guidelines we use to look after your personal data.
• We do not store your personal medical information online. Your email and phone number will be written on the register and held in an encrypted file for the instructors to access. It may be held on the phone/computer/device memory for the purposes of sending and receiving messages about your attendance and term information.
• We respect your wishes about how we contact you, whether by post, telephone, email or text message.
• We will update your information or preferences promptly when you ask us to.
• We will respond fully to requests from you to see the information that we hold on you.
• We will not hold your personal information for longer than is necessary for our legitimate business purposes.
• We follow strict procedures when storing or handling information that you have given us. Some information is encrypted, such as payment transactions and password.
• We will never sell your personal information to a third party.
We retain personal information as long as we consider it useful to contact you, or as needed to comply with our legal obligations. Where data is not needed for legal or statutory purposes, we will delete this information if you request it. I have an obligation to retain records of massage treatments to satisfy the conditions of my insurance. Currently this is for 7 years.
Your rights to manage your personal data
Accuracy of data
We will always try to ensure the data we hold about you is accurate and relevant. If you believe the information we hold about you is out of date or incorrect, please tell a member of staff or see the contacting us section below. You will need a form of identification to request any changes.
Seeing your data – subject access request
The Data Protection Act 1998 and the General Data Protection Regulation give you the right to know what personal information we hold about you. This is called a Subject Access Request. If you would like to make a request, you should write to the Data Controller, Nikki Hambling.
Removing your data
If you no longer use our services and products and wish us to delete your personal data, we will do this if there are no legal or statutory regulations requiring us to keep this information. Please write to the Data Controller – see contacting us section.
You can contact us using the details below to restrict the processing of your data including some processing we do under legitimate business interests.
Transferring your data
In some circumstances you can ask us to transfer your information to another organisation.
Complaints about how we manage your data
If you are not happy about the way we manage your data, please contact us as quickly as possible by contacting the Data Controller, who will investigate your complaint and get back to you as soon as possible. This is Nikki Hambling.
Information Commissioner’s Office (ICO)
The ICO is the UK’s independent authority set up to uphold information rights. You have the right to contact them should you wish. Details can be found on their website: https://ico.org.uk/
Links to other websites
Our websites may contain links to and from external websites, advertisers and affiliates. If you follow a link to other sites please note that these will be governed by their own privacy policies. We cannot accept liability for data use on those websites.
In most instances it is best to contact us at the class you normally attend. We can usually deal with most of your queries here.
You can also contact us through our contact page on our website.
Alternatively, you can write to or email our Data Controller, Nikki Hambling.
Document last updated: 22-5-2018