Unless otherwise stated, all data is stored in a locked filing cabinet or kept in password protected files that only Sam Hutchinson Fitness (SHF) has access to. SHF can be contacted via telephone (07977 632003) or email (firstname.lastname@example.org). You have the right to: 1) request copies of the data that SHF holds about you. 2) be informed about how SHF uses your data. 3) rectify inaccurate or incomplete data. 4) request the deletion or removal of personal data where there is no compelling reason for its continued processing. 5) restrict the processing of your data. 6) object to your data being processed. If you wish to complain about the use of your data, please contact the Information Commissioner’s Office.
1) Personal data that SHF collects under the lawful basis of ‘Consent’
Phone numbers, email address, address – the purpose(s) of collecting and processing this information are:
1. To communicate with participants who have consented to being contacted regarding class changes. You will only receive communications you have consented to receive, either by requesting to be added to a specific mailing list via email, or by completing the appropriate section on your pre-participation form (e.g. PARQ/health questionnaire).
2. Marketing of new & current classes via weekly email if you consent to receiving these.
3. To send you pre-participation forms and communicate with you regarding participation in classes/courses following an enquiry from you.
4. To issue you with an invoice for services provided by SHF.
Hard copies of contact details are kept in a locked filling cabinet. Digital copies are stored in password protected files and/or SHF’s password protected G Suite account. Only SHF has access to these files and accounts. G Suite is owned by Google and is fully GDPR compliant. Google do not own any data stored in SHF’s G Suite account and do not use it for advertisements or sell it to third parties. Data is encrypted and stored in Google’s data centres (some of which are outside the EU) and G Suite has been assessed as appropriate for use with the UK government’s Cloud Security Principles.
5. Email addresses collected from the contact page on samhutchinsonfitness.com will not be used in any way, other than to reply via email to the enquiry sent to samhutchinsonfitness.com. They will never be added to mailing lists unless you explicitly request this. The website is hosted on the Wix.com platform. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
Emergency contact details – the purpose(s) of collecting and processing this information are:
1. Communication with a friend/family member/partner whose number you have given to SHF for use in the event of an accident/illness affecting you whilst you are participating in a session with SHF.
Emergency contact numbers for pay-as-you-go class participants are stored in a locked cash tin for use during classes that only SHF has access to. Emergency contact numbers for 1:1 clients are kept on the client’s session plan which is stored in a locked filing cabinet except when it’s in use during sessions or is being transported to and from a session. Emergency contact numbers for course participants (e.g. Back-Care Pilates) are kept on a class overview form which is stored in a locked filing cabinet except when it’s in use during sessions or it’s being transported to and from a session.
RMDQs on Back-Care Pilates Courses – the purpose(s) of collecting and processing this information are:
1. To provide two comparable examples of how your back-pain affected you at the beginning of the course vs how it is affecting you at the end of the course.
2. To provide SHF with information about how effective the course has been for you.
Information collected under your consent will be stored securely by SHF unless you ask for your data to be erased. The ‘right to erasure’ (the right to withdraw your data) applies to all information that has been collected under the lawful basis of consent. You can withdraw your data by contacting SHF via email, phone or text. If you withdraw your consent to this information being processed/stored, it will be permanently deleted from SHF’s database. You can unsubscribe from SHF‘s emails by replying to any of the emails you receive from SHF with the word ‘unsubscribe’.
2) Personal data that SHF collects under the lawful basis of ‘Contract’
Address given for 1:1 sessions – the purpose(s) of collecting and processing this information are:
1. To deliver private sessions at a location of your choice (usually your home or place of work). When SHF is providing a session in a location of the client’s choice, the address of the appointment will be temporarily shared with a third party in line with SHF’s safe guarding policy. This policy is designed to protect the instructor when they are working alone. The details of the instructor’s movements and location will be securely shared with a ‘buddy’. If the instructor fails to contact the ‘buddy’ at an agreed time, the ‘buddy’ will try to contact the instructor. If the instructor still fails to make contact, then the emergency services will be alerted and given the details of the instructor’s intended movements and locations. If the instructor does contact the ‘buddy’, the client’s details will be deleted from the ‘buddy’s’ system. If you do not wish to have your appointment time and address shared with a ‘buddy’, please inform SHF. Unfortunately, this will mean the instructor is no longer able to see you at a location of your choice as they will no longer be able to fulfil the requirements of their safeguarding policy.
Hard copies of contact details are kept in a locked filling cabinet. Digital copies are stored in password protected files and/or SHF’s password protected G Suite account (please see section 1 for more information about G Suite). Your details will be permanently destroyed if you have not had an appointment for a year with SHF.
3) Personal data that SHF collects under the lawful basis of ‘Legal obligation’
Registers, records of appointments – the purpose(s) of collecting and processing this information are:
1. To fulfil a legal obligation to HMRC to keep accurate records of all sales and income.
Registers may be shown to HMRC if they request to see SHF’s business records. Registers will be kept for 5 years from the 31st January submission deadline of the relevant tax year. After this they will be destroyed.
4) Special category data (PARQ, PARQ+, pre-participation screening form (health questionnaire), informed consent, medical clearance forms, doctors’ letters, records of postural and movement assessments, written records of verbal information given to SHF and written records of advice given to clients by SHF, personal session plans and records of client achievements during sessions)
This data is collected under the lawful basis of ‘Legitimate interests’ and under GDPR Article 9 (2) (g) and Schedule 1, part 2, condition 20 (insurance) of the UK Data Protection Act that sits alongside the GDPR.
GDPR Article 9 (2) (g): processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
The legitimate interests and purpose(s) of collecting & processing this information are:
1. To ensure it is safe for you to participate in exercise sessions & to identify clients that may need to consult with their doctor before participating in exercise.
2. To enable SHF to adapt exercises appropriately for you.
3. For insurance purposes.
This data will be stored securely and kept for 7 years and, in the event of a legal claim against SHF, will be passed to SHF’s Public Liability Insurance provider. If you do not wish to have these details processed, SHF will not be able to offer their services to you as they will not be able to determine whether this activity is safe for you.
SHF reserves the right to modify this privacy notice at any time, so please review it frequently.
Changes and clarifications will take effect immediately upon their posting on the website.