DATA PROTECTION POLICY
Yoga Focus complies with the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 in respect of all data it collects and in making sure such data is used appropriately. Yoga Focus only collects data that is required for the purpose of running yoga courses.
1) Reasons for holding clients’ data
- Contractual necessity – when we need to process a client’s personal data to perform a contract we have with them such as the provision of a yoga course
- Legitimate interest – where we have a genuine and legitimate interest so long as this is not outweighed by harm to an individual’s rights. For example we require health information to protect clients during a class and make necessary adjustments to meet their needs.
- Consent – we will obtain client’s written consent to hold data as part of the registration process.
- Vital interests – if it is necessary to protect someone’s life
- Legal obligation – where we may need to process client’s data because we have a legal obligation to do so
2) Data that we will keep
We will hold data for a period of seven years from the date that a client registers for a course. After that period all data will be destroyed unless there are outstanding legal reasons to retain it for longer. Clients have a right to complain to the Information Commissioner’s Office if they have reason to believe there is a problem with the way we handle their data.
We may amend out data protection policy from time to time if required to do so by changes in the law or technological advances. All or any such updates will be available on the Yoga Focus website
4) Subject Access Requests (SAR)
We will respond to clients as soon as reasonably possible and in any event within 30 days if a client submits a request for information in writing to us.
5) Data Breaches
We have procedures in place to report and investigate a personal data breach and will notify the Information Commissioner’s of a breach to personal data which is likely to result in a risk to the rights and freedoms of individuals such that could result in discrimination, damage to reputation, financial loss, loss of confidentiality, risk of embarrassment or any other significant economic or social disadvantage.
6) Appoint someone to take a lead
Nikki Jackson is appointed to take the lead in respect of data protection.
7) Sharing Information with a Third Party
We will not share your data with third parties without your express permission to do so