This Data Protection policy will lay out the procedures undertaken by HYBH Sports Therapy to ensure that HYBH Sports Therapy is compliant with relevant data protection legislation. It has been written in accordance with the information provided by the Information Commissioner’s office prior to the release of the GDPR.
ESTABLISHING A LAWFUL BASIS FOR HANDLING DATA
In accordance with Article 5 (2), This policy will document the ‘lawful basis’ by HYBH Sports Therapy to handle data. This ‘lawful basis’ is set out in Article 6 of GDPR. The lawful basis may be as follows:
Where express consent has been given.
HYBH Sports Therapy utilises a mailing list in order to communicate lesson or treatment availability. Express consent must be provided in order to be added to such a mailing list.
No credit card data is stored as all purchases are paid for via BACS.
Legitimate Interests
Data may be collected for legitimate interests such as marketing purposes. This may include the marketing of events.
Legal Obligations
As a service providing manual therapy, a medical form is filled out and signed by any client. This will collect and store data and is documented only in paper form. These files and kept under lock and key.
CONSENT REVIEWS
Any mailing lists have an express option to ‘opt out’ every 3 months.
GATHERING DATA FOR CONTRACTUAL PURPOSES
In accordance with S6 s(1) b attending a course will require the collection of data to enable contractual obligations to be fulfilled. This is a necessary procedure and only minimal data will be collected to enable this to take place appropriately. Such data will include:
Email addresses
Home/business address
Telephone number
The above specified information enables appropriate invoicing to take place. Data will be stored for accountancy purposes only GDPR compliant software. At no point, will data be passed on to any other organisation.