PRIVACY POLICY

 

Poles Apart Nordic Walking Privacy Policy

This Policy sets out the obligations of Poles Apart regarding data protection and the rights of customers, potential customers and business contacts (“data subjects”) in respect of their personal data under the General Data Protection Regulation.

 

The Regulation defines “personal data” as any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. This Policy sets out the procedures that are to be followed when dealing with personal data.

Poles Apart is committed to protecting your privacy. We aim to ensure that all information you give to us is held securely and is only used in a manner that you have consented to. This privacy notice applies to Poles Apart and applies to the personal data you have disclosed to us.

 

This Privacy Notice explains how we collect, store and use your personal data.

 

DATA CONTROLLER

Miss Lynn Pickering is Poles Apart *Data Controller at Registered address of 176 Kingshill Avenue, Worcester Park, KT4 8DB.

 

*A data controller is the person or organisation who determines the purpose for which, and the way, any personal data is processed. The data controller is responsible for establishing practices and policies in line with the Regulations.

 

THE DATA PROTECTION ACT 1998 & General Data Protection Regulation (GDPR) Policy

Poles Apart makes every effort to adhere to the requirements of the UK Data Protection Act 1998. We are seeking to become compliant with the new General Data Protection Regulation (GDPR) Policy. We are seeking to become compliant with the new GDPR Policy coming into effect from 25/05/2018.

 

PERSONAL INFORMATION USE

We will only collect data which is relevant to the purpose for which you have given it. We will never pass it to a third party for marketing purposes.

Collection of personal data by Poles Apart is used for the performance of the contract to which the data subject is party or take steps at the request of the data subject prior to entering a contract.

This is to ensure you receive the materials, resources, services and/or information you may have requested and underpin the existence/functioning of Poles Apart as a provider of Nordic Walking Services.

Only Third Parties enabling Poles Apart to provide these services and fulfil the contract will have permission to receive/collect/store personal data (See the data sources/types outlined below).

 

PERSONAL INFORMATION USED/COLLECTED/STORED

We collect and store data from a variety of interactions with you to enable the daily functioning of the business e.g. administration/communication/archiving purposes and to comply with the legal/regulatory obligations of Poles Apart.

 

These interactions are via a variety of sources Online, Offline, face to face, by post, telephone, photographic or via Text/SMS/Whatsapp. Some of this information is personal data, which can be used to identify you.

 

Personal Data held by the Poles Apart will only be accessed by employees, agents, sub-contractors, or other parties working on behalf of the company that need access to, and use of, personal data in order to carry out their assigned duties correctly.

 

Examples of Personal Data Sources and Types that we collect, and store are below:

 

  • Emails (Communications between Poles Apart and Data Subject and internal or external communications for business purposes (e.g. Administration staff, NW Instructors, Poles Apart Suppliers eg. Booking System/External Payment System Supplier (Stripe)/External Retail System Supplier for NW Equipment provision (NWUK)
  • Website - Contact form (E.g. Name, Tel. No, Email address)
  • Booking System
    • Personal & Contact Details (Name/Address/DOB etc.)
    • Medical – Medical (PARQ**) Form.
    • Booking History
    • No card details are saved
  • Hard Copy PARQ/Medical Forms - These are carried by Instructors the interest of safety. To ensure fast access to medical records in the case of a medical emergency. These are kept with the Instructor at all times and returned to a locked cabinet when not in use.
  • Scanned Records – (Doctors Notes Scanned/stored on the One Drive. (see data storage for more info)
  • Stripe (Payment Processor)– Financial/Payment Details (Financial records (not full card details) collected/stored by Stripe are only accessed by Poles Apart from a secure web-based application for record keeping purposes – eg. HMRC records.
  • Printed Class Registers - (Name, tel. no.). These are carried by the Instructor for the purposes of monitoring/recording attendance and providing contact details, required in cases of unexplained absence. These are kept with the Instructor at all times and returned to a locked cabinet when not in use. These are kept for four months for credit monitoring purposes and then shredded.
  • Phone Calls (Contact details held on mobile phones). E.g. Initial Enquiries, General communications.
  • Social Media Communications (Facebook and Facebook Messaging). E.g. Facebook/Messenger enquiries or response to posts, upload of photographs.
  • SMS Communications (Contact details/Communication history). E.g. Initial Enquiries, General communications.
  • WhatsApp - (Contact details/Communication History) (Only Used for specific groups e.g Purbeck Festival Weekend/Easter Challenge. Data Subject’s permission is sought prior to addition to group.
  • Photographic (Taken during sessions/events and shared via Email, Poles Apart Website and/or social media pages (e.g.e Facebook)
  • Contact details held on Instructor/Administration staff mobile devices. All mobile phones are password or thumb print protected. Devices are locked when not in use and are not accessed by other parties.
  • Provider of Banking Services e.g. Where payments are made via the bank used by Poles Apart – details of these transactions will be held/stored by the bank for record keeping purposes.

 

Your personal data may also be used to keep you informed about forthcoming Poles Apart Walks/Events and other Nordic Walking events such as Challenges/Races/Short Breaks run by Third-Parties (e.g. NWUK Nordic Walking Purbeck Festival/Epsom Race For Life) in which Poles Apart members are participating or would be relevant/of interest.

 

**Physical Activity Readiness Questionnaire

 

DATA STORAGE

  • Hard copy Records are kept in a locked filing cabinet on company premises.
  • The Booking site and associated database are protected using industry standard security protocols such as SSL. The database is behind a firewall with specific anti-hacking protection. It has been audited by Qualys on implementation and received a security rating of A (the highest rating you can receive).
  • Poles Apart stores your Email/Electronic documentation data on a secure cloud-based database hosted by Microsoft. In order to comply with GDPR your data must be stored within the European Economic Area (EEA).

 

How Long Personal Data is stored.

Your personal data will be held on our database during the period of our active relationship or until you request us to remove it.

 

We will not keep your personal data for any longer than you wish us to, or for which legal/Regulatory standards dictate. Once it is no longer required we will take all reasonable steps to destroy it or erase it safely/securely from our systems.

 

You can ask us to erase your data at any time by contacting The Data Controller at enquiries@polesapart.biz

 

Please allow us 10 working days for us to action removal of your details.

 

Storage Beyond Active Relationship***

In order to comply with legal/regulatory/professional obligations it may be, on limited occasions, necessary to store some archived data beyond the period of our active relationship or your request to remove it.

 

This would only be to enable compliance with legal obligations/Professional Guidelines e.g. Payment information for Tax Records must be kept for 5 years (after the 31 January submission deadline of the relevant tax year). Additionally Professional/Industry Guidelines recommend Fitness Instructors retain PARQ forms for 7 years beyond the ceasing of an active relationship. Due to the potential for the instigation of future legal action where such records could be required as evidence.

 

THIRD PARTIES

Collection of personal data by Poles Apart is used for the performance of the contract to which the data subject is party or take steps at the request of the data subject prior to entering a contract.

 

There are limited occasions, to enable Poles Apart to deliver on this contract, where it is necessary for Third Parties to receive/collect/store/share personal data. These are for administration, not marketing, purposes.

 

It is possible that third parties may hold data outside of the EU, such as the US, but we only work with Third Parties that are committed to protecting customer data. For example Payment Processor Stripe adheres to the EU US Privacy Shield initiative which meets all ICO Guidance on transfer of data outside of the EU. Further details can be provided on request.

 

Examples of these Third Parties are below:

 

  • Poles Apart Staff - Personal data is accessed/shared with employees/contractors e.g. Administration Staff/Instructors of Poles Apart to enable provision/delivery of our services only, via the methods outlined in this policy.
  • Nordic Walking UK - Retail Provider - For Nordic Walking Equipment Purchase (eg Poles). Financial records processed/collected/stored by NWUK and are not shared with Poles Apart.
  • Stripe – Payment System Provider - For payment of Nordic Walking sessions via the Booking Website. Financial records processed/collected/stored by Stripe and limited records (not full card details) accessed by Poles Apart from a secure web-based application for record keeping purposes – eg. HMRC records.
  • Facebook – Social Media & Text Provider – For provision of the Social Media Page and Messenger.
  • MediaTomCat – Booking System Provider - For Hosting/Processing/Maintenance of the Poles Apart Booking System.
  • Meet-up – Online Community/Booking System – Contact details (name, email add. Etc.) provided from data subject directly to Meet-up and accessed by Poles Apart via their Web-based system.
  • Whatsapp – Event groups created for communication purposes when we are attending events together, only with Data Subjects permission.

 

YOUR RIGHTS

In relation to us processing your personal data you have the following rights, which can be exercised at any time:

  • To withdraw your consent for us to process your data. (See ‘Storage Beyond Active Relationship’*** above for exceptions)
  • To be forgotten – to request your data is no longer processed. (See ‘Storage Beyond Active Relationship’*** above for exceptions)
  • Data Subject Access Requests – a right to request a copy of the data we hold about you. You can request this at any time by contacting The Data Controller at enquiries@polesapart.biz. Upon request, we will collate the data requested and send it to you within the ‘30 day’ maximum period (as stipulated by GDPR May 2018).
  • To object to your data being used by us for the purposes of direct marketing.

 

VERIFYING/UPDATE/AMENDING YOUR PERSONAL DATA

We aim to keep your records as up-to-date as possible.

 

You can at any time verify, update, or amend your personal data or preferences. If you are registered on the Poles apart Booking System, you can amend personal/medical details by logging-in, amending and saving your details.

 

If you are not registered, or are having trouble amending your details, on the Poles Apart Booking System. Please contact us by email at enquiries@polesapart.biz and we will be happy to assist you.

 

Please allow up to 10 working days for us to amend your details on your behalf.

 

GENERAL DATA PRIVACY

These are recommendations for you to keep your data safe:

  • You, as an individual, are responsible for the security of and access to your own computer/devices.
  • Please be careful and responsible whenever you are using the internet.
  • Ensure you close your browser/log-out of internet based systems when you have finished your online activity. This will help ensure others cannot access your personal information and correspondence. This is particularly important if you share a computer/device/phone with someone else or are using a computer in a public place like a library or internet café.
  • Please be aware that whenever you voluntarily disclose personal information over the internet that this information can be collected and used by others. E.g. If you post personal information in publicly accessible online forums, you may receive unsolicited messages from other parties in return.
  • You are solely responsible for maintaining the secrecy of your usernames and passwords and any account information. So do not write these down or share them with others.
  • Sometimes our communications may contain links to other websites. You should be aware that we are not responsible for the privacy practices on other websites.

 

YOUR QUESTIONS

If at any time you have any concerns or you wish to receive further information regarding Poles Apart’s Data Privacy Policy. Please contact our Data Controller Lynn Pickering at enquiries@polesapart.biz.

 

A copy of Poles Apart’s Data Protection Policy is available upon request. It is also available on the Poles Apart Website here.

 

This policy shall be deemed effective as of 25/05/2018. No part of this Policy shall have retroactive effect and shall thus apply only to matters occurring on or after this date.

Contact Me

|

Privacy Policy

|

Cookie Policy

|

© 2018 Poles Apart Nordic Walking