Data Protection Principles.
I will comply with the General Data Protection Legislation. This says that the personal information I hold about you must be:
1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that I have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes I have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary, for the purposes I have told you about.
6. Kept securely.
Law Enforcement, Legal Requests and Duties.
Where permitted by local data protection laws, I may disclose or otherwise allow others access to your personal information pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if I have good faith and belief that the law requires me to do so, with or without notice.
The information I collect.
The information I collect about you will vary but might include your;
date of birth
bank details (where you pay via my online application)
How I collect your personal information.
Your personal information will either be collected digitally through my website; phone; by email, or on a paper form.
Why I collect it.
I collect your personal data so that I can:
inform you about the services I offer such as yoga courses and classes
book you on to courses and classes
take payments from you for services you sign up to
keep you up to date with any changes such as cancelled or additional classes.
Inform you about health and safety (where I ask you to complete a medical history questionaire)
complete legal disclaimer statements
Those who have access to your personal data.
I am currently a sole trader so I am the only person that has access to most of your personal data. gideonsyoga.co.uk website is hosted and managed by Wix.com inc. and your personal information will be transferred and processed via the “WixHive API” on my behalf. When you sign up to receive email updates either directly with me or through my website then your name, email address and IP address will be processed by Wix.
Please read the paragraph belows from Wix’s privacy notice:
(When you access my website you become a user-of-user according to Wix’s terminology I am the user).
"8.1. Third Party Services;
Wix has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session recording and remote access services, performance measurement, data optimization and marketing services, content providers, and our legal and financial advisors (collectively, “Third Party Service(s)”).
Such Third Party Services may receive or otherwise have access to our Visitors’ and Users’ Personal Information and/or Users-of-Users’ Personal Information, in its entirety or in part – depending on each of their particular roles and purposes in facilitating and enhancing our Services and business, and may only use it for such purposes.
Wix is accountable for Personal Information that it receives under the Privacy Shield and subsequently transfers to a third party as described in the Privacy Shield Principles. In particular, Wix remains responsible and liable under the Privacy Shield Principles if third-party agents that it engages to process the Personal Information on its behalf do so in a manner inconsistent with the Principles, unless Wix proves that it is not responsible for the event giving rise to the damage.
Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
When you make a direct payment through my website.
All direct payment gateways offered by Wix.com and used by the company adhere to the standards set by PCI-DSS (Payment Card Industry Data Security Standards) as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by their store and its service providers. The transmission of sensitive payment information (such as a credit card number) through their designated purchase forms is protected by an industry standard SSL/TLS encrypted connection; and they regularly maintain a PCI DSS certification.
How I protect data.
All digital data is password protected.
Written data is stored in a locked cabinet.
How long I keep data.
I will keep your data for seven years after the last date you used my services where this date can be reasonably ascertained.
You have a number of rights as a `data subject’ you can:
• access and obtain a copy of your data on request;
• ask me to change incorrect or incomplete data;
• ask me to stop processing your data, for example where the data is no longer necessary for the purposes of processing;
• object to the processing of your data where I am relying on my legitimate interests as the legal ground for processing.
If you believe that I have not complied with your data protection rights, you can complain to the Information Commissioner on the ICO Helpline;
Telephone 0303 123113