The General Data Protection Regulation (GDPR) is a new, Europe-wide law that came into force in May 2018, replacing the Data Protection Act 1998. The GDPR applies to ‘personal data’, which means any information about you that is personally identifiable, like your name, address, email address or phone number, and that is not otherwise publicly available.
There are additional rules in the GDPR for organisations processing special category data, including clinical data, i.e. health information. We are additionally bound to follow guidance set by the Department of Health, the Health and Care Professions Council and the Chartered Society of Physiotherapy.
We receive, collect and store certain data from you to enable us to administer your account, and fulfil certain legal requirements.
This policy covers how Fiona Carle Pilates obtains, uses, stores and shares this personal information, and how you can access and request removal of your information.
What type of information do we collect?
The information we collect is mainly contact information such as name, address, telephone number, and email address and communications. Through our third-party sites, Acuity Scheduling and Square, we may also collect payment details including credit card payments. You can visit our pages without providing any personal information about yourself; however, we may collect the Internet Protocol (IP) address used to connect your computer to the internet. We may also collect personal information about your health in paper form.
How do we collect personal data?
This information may be collected via our website, our Facebook page, our scheduling application or any other way. We collect personal information regarding your health via a pre-participation Health Questionnaire.
What do we use this personal data for?
We use your personal data for our scheduling software, enabling you to book appointments and to process your payments. We use the clinical information to ensure we provide a safe and effective service to you. Provided we have your consent, we may occasionally send you information about our services, offers or general health information about our services (via the MailChimp application). You may opt out of this at any time. We (or our third parties) don’t collect and process users’ personal information beyond what is legally required for the functioning of our products and services.
How do we store, share and disclose our users’ personal information?
Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. Data is additionally stored on our scheduling application (Acuity Scheduling), for purposes of booking and organising appointments and payments.
Clinical information in paper form is stored in a locked cabinet. Any information provided remains confidential. It will not be shared with anyone (including your doctor or other health or fitness professional) without your prior consent.
At Fiona Carle Pilates we do not share your data with any third party, other than those utilised to service our business. These third parties are Wix.com, Acuity Scheduling, Square and MailChimp. You can read the Privacy Policies of each of these parties by clicking on their names. We will not disclose any personal information without your permission, unless we are legally obliged to. Our policy is not to sell or share data.
We may store some information (commonly known as a cookie) on your computer when you look at our site. This information facilitates your use of our Site and helps us to provide you with the best level of service. You can erase or block cookies from your computer if you want to (your help screen or manual should tell you how to do this), but certain services may not work correctly if you set your browser not to accept cookies.
Your Right to Access
You have the right to request confirmation that data is being collected and stored. Also, you have the right to be told how it has been obtained, why and where that data is being held. You have the right to a copy of your personal data.
Your Right To Be Forgotten
You have the right to withdraw consent to any personal data being stored electronically at any point. All of your data will be removed from electronic sources i.e. scheduling, payment information and mailing list. Clinical information relating to your health is bound by additional guidelines. We have a legal obligation to retain your clinical records for 8 years after your most recent appointment (or age 25, if this is longer), but after this period you can ask us to delete your records if you wish.
How To Contact Us
If you would like to access, correct, amend or delete any personal information we have about you, or have any questions about your data, you may contact us at firstname.lastname@example.org, call us on 07979-916315 or send us mail to 7 Boundstone Road, Farnham, GU10 4TH