Light Up Your Life Yoga Data Protection Policy Last updated – 23 November 2018
This document sets out my Data Protection Policy. Please read it carefully. If you have any questions do let me know by email or on 0776 100 2389.
Summary – I collect data from people so that I can safely and effectively teach yoga and provide yoga therapy. I have reasons for collecting the data I ask for; I store it safely; I comply with Data Protection Guidelines. The document below sets out in detail what data I collect, why, how I store it, and the rare circumstances in which I share it.
Data collected online
When you contact me by email I keep your email and my reply to increase the efficiency of my business unless there is a completed health form attached, in which case I delete the email once the form has been printed. I access my email account on various devices which have password or PIN protection. My email account is also password protected and requires logging in each time on each device. I do not keep a database of email addresses for marketing purposes. I do not send group emails.
Comments or likes on my Facebook page are in the public domain and I am not responsible for any third party use of this data. If you wish for such comments to be deleted please contact me at email@example.com and I will comply if possible. When people send me messages via Facebook and WhatsApp I keep these as a record of our conversation – I do not share them with third parties but you may wish to check the privacy policies of the Facebook and WhatsApp applications. If you have any concerns about these messages let me know, and I will make a paper record to be stored securely and then delete the messages where possible.
Information collected through automated systems when you visit my website www.lightupyourlifeyoga.co.uk
Cookies – Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They make the site easier to use and track the traffic patterns of visitors. Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It should also allow you to prevent or limit their use.
Personal identifiers from your browsing activity – requests by your web browser for web pages and other content on my website may be recorded as a matter of course by Google Analytics. This information can be used to assess the performance of pages on my website. It may include your geographical information, your Internet Service Provider, and your IP address as well as the software you are using to browse the website to give information about the type of device you are using. I do not currently access this data but if you are not happy with this information being collected then you should leave the website.
Data collected offline
Health forms for my yoga classes – I ask for contact details, date of birth, and health details. I use this information to manage class details and safely teach yoga.
Yoga therapy and one-to-one yoga registration forms – as above, but I also ask for details of medication and occupation because these can be relevant. I ask for GP contact details, which I need for those rare circumstances where I feel your safety or the safety of those you care for may be at risk.
Class registers – I keep a record of who attends my yoga classes. These registers are used to provide information for my tax return and form part of the record I keep for insurance purposes. I carry current registers to class, and store old registers in a locked cabinet at home. The forms I print for registers have first names on them: they are stored in password protected documents on my computer, which is also password protected.
Additional records for Yoga Therapy – Yoga therapy is an individual process and it begins with individual consultations where, with permission, I take notes. I also take notes, with permission, during each follow up individual session to keep a record of how things are going. Following my professional guidelines, I record what has happened during group therapy sessions so that I can check that the sessions are relevant and effective. I keep these records in a locked cabinet in my home.
Storage of data – data is stored in a locked cabinet and is not uploaded onto a computer. When people send me health forms by email, I print the forms off and then delete the email. Health details that have been shared with GetActive as part of the previous arrangements for the Wednesday GetActive class are being safely stored by them on a password protected database.
Length of time data is held – I am required by the Complementary and National Healthcare Council, of which I am a member, to hold records for yoga therapy for 8 years after a client stops attending sessions. I am required by my insurer to hold records of people attending my yoga classes for 7 years after they stop attending classes. Once this time is finished, I shred the forms. If I receive a form from someone who does not attend a session within 6 months of contacting me I shred the form. The health details stored by GetActive will be deleted by them after 5 years, that is in 2023.
Updating information held – People informally let me know if their health has changed. In addition to this, I will ask people to initial and date their health forms to indicate there is no change, or to fill in a new form if their information has changed, every two years.
When you contact me by phone to ask about classes or yoga therapy, if you tell me your name I store your name and number on my phone. My phone is protected by a PIN.
If you are on the waiting list for a class then I keep your number so that I can contact you when a space comes up: if you do not take up the offer of a space I delete your number.
If you attend my classes I keep your number on my phone so that I can contact you if there is an issue with the class. If you do not wish me to do this, please tell me and I will delete it – this will mean that if there is a problem with a class or venue I may not be able to contact you quickly.
When people leave my classes or yoga therapy I keep their number for a while to increase the efficiency of my business unless they ask me to delete it. Before I delete a phone number, I may print text conversations that I need to keep as a record, storing them in a locked cabinet.
On an annual basis I delete the numbers of people who no longer attend classes or yoga therapy unless we have agreed to stay in touch, they have indicated that they may wish to rejoin at a later date, or if there is a text conversation that I need to keep for my records.
If you have given me your phone number on a registration form or email this will be kept for the period specified for offline or online information as appropriate.
When I contact people
When you contact me by email or phone regarding a yoga class, one-to-one yoga therapy or therapy group course, I will reply to your email/text and keep both your email/text and my reply to increase the efficiency of my business.
If your preferred class/course is oversubscribed I may contact you to offer an alternative.
If a class/appointment is cancelled or there is a problem with a venue I will contact people to advise them of this.
It has been my experience that people who regularly attend classes appreciate being contacted if they have missed some classes. If you prefer that I do not contact you in this way please tell me.
I contact people to advise them of holiday dates if they have missed the preceding classes, and to remind them of the start of term after the summer break.
Sharing of data
I do not share any client data with other people or organisations, with the following exceptions –
– I may seek supervision or support from peers or my supervisor – no information that could identify an individual is ever shared.
– In exceptional circumstances if I feel that a client is at risk of harm to themselves or others I may contact their Doctor.
– I keep class registers and receipts for money received as proof of my income – if I were audited by HMRC they would see these registers and receipts, which record attendance/payment by name and date.
Your rights regarding your data
You have the right to know how I collect and store your data.
You have the right to access a copy of your data.
You have the right to correct any data I hold about you.
You have the right to request deletion of your data or to take the data I hold about you to another service provider – in cases where I hold data for insurance purposes or tax records I will anonymise this data as far as possible.
You have the right to restrict how I use your data and object to how I use your data.
Please be aware that I need your data to safely teach you yoga or provide yoga therapy. If I do not hold your data then I cannot provide these services to you.
If you wish to contact me about the data I hold about you please contact me, Lucy Cleary, on 0776 100 2389, or by email. If you wish to write to me please contact me by phone or email for my address.
If I receive any request to access, edit, or delete personal information I will first take reasonable steps to verify your identity before granting your request or otherwise taking any action. This is important to safeguard your information.
Use of website by children
If you are under 18 you may use my website only with consent from a parent or guardian.
Encryption of data sent between us
My website uses Secure Sockets Layer (SSL) certificates to verify my identity to your browser and to encrypt any data you give me.
Whatever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or other trustmark in your browser’s URL or toolbar.
How you can complain
If you are not happy with my data protection policy or if you have any complaint please contact me by email.
If you are in any way dissatisfied about how I process your personal information, you have a right to lodge a complaint with the Information Commissioner’s Office. This can be done at https://ico.org.uk/concerns.
Compliance with the law
My data protection policy has been compiled so as to comply with the law of every country or legal jurisdiction in which I aim to do business. If you think it fails to satisfy the law of your jurisdiction, I would like to hear from you.
I may update this data protection policy from time to time as necessary.
If you are using my website, the terms that apply to you are those posted here on my website on the day you use my website. I advise you to print a copy for your records.