Feel Welcome, Feel Listened to, Feel Safe
Every day my business will receive, use, and store information about a range of data subjects, including customers, suppliers, and general enquiries. This policy sets out how I ensure that this information is processed lawfully and appropriately, in line with the requirements of the Data Protection Act 2018 and the General Data Protection Regulation (collectively referred to as the ‘Data Protection Requirements’).
I take my data protection duties seriously, because I respect your privacy. I will not sell or otherwise transfer your information to third parties for any purpose.
My company "Anne Robin" is responsible for ensuring compliance with the Data Protection Requirements and with this
policy. Any questions about the operation of this policy or any concerns that the policy has not been followed should be referred in the first instance to me by contacting me at firstname.lastname@example.org
Personal data means data (whether stored electronically or paper based) relating to a living individual who can be identified directly or indirectly from that data (or from that data and other information in our possession). Processing is any activity that involves use of personal data. It includes obtaining, recording, holding or transferring data; organising, amending, retrieving,
using, disclosing, erasing or destroying it.
I hold your name, telephone number, postal and email address in order to communicate with you regarding our sessions or any issues relating to our contract. I also keep a record of your date of birth and GP practice contact details as part of my safeguarding procedure.
Your data is stored digitally and in paper form and to keep it safe it is protected both in a locked cabinet and by a firewall & network security, anti-virus software and other safeguards. Only my professional will executor and I will have access too your data.
If I believe your details have been compromised (eg through a data breach) in anyway
I will inform you as soon as possible of becoming aware.
The Data Protection Requirements are not intended to prevent the processing of personal data, but to ensure that it is done fairly and without adversely affecting the rights of the individual. In accordance with the Data Protection Requirements, I will only process personal data where it is required for the following lawful purposes: where the processing is necessary for performing a contract with the individual, for compliance with a legal obligation, in the legitimate interests of the
business, or where the individual has given their consent.
I will ensure that personal data I hold is accurate and kept up to date. I will check the accuracy of any personal data at the point of collection and at regular intervals afterwards. I will take all reasonable steps to amend or destroy inaccurate or out-of-date data. From time to time I may ask you to refresh your details and consent where I feel the data is out of date. If your data is inaccurate you can contact me and I will amend it.
I will not keep personal data longer than is necessary for the purpose or purposes for which it was collected. I will take all reasonable steps to destroy, or erase from my systems, all data which is no longer required.
I will process all personal data in line with data subjects’ rights, in particular their rights to:
At any time you have the right to withdraw your consent, ask me to remove your data from my system by emailing me at email@example.com.
I will act on your request and confirm with you that this has happened.