To operate as a “business”, Gill Park Massage & Fitness holds and processes the personal data of its Clients. This notice explains what data is held, how it is processed, and how the “business” complies with the General Data Protection Regulation (GDPR).
Basis: To serve its clients, the “business” has concluded that it is in the interest of its clients to hold and process personal data. In the context of the “business”, processing means storing data and using data for communication purposes.
What Personal Data is held? To enable the safe treatment of clients and effective communication to clients, the “business” holds the following personal data: name, address, email address, telephone number, date of birth, occupation, medical considerations (only used to assess the risk of undertaking massage or personal training). The “business” only holds data that is necessary to operate and all Personal Data is confidential.
What is done with the Personal Data? Personal data is used to (1) record client details, (2) assess the risk of clients undergoing massage or personal training, and (3) communicate with clients so that they can be contacted to book follow up sessions or be made aware of any personal training classes. Communication methods may include phone calls, text messages, and email.
Can I opt out of any communications? If you wish to opt out of any communication, for either massage, personal training or boxing classes, send an email to firstname.lastname@example.org.
How is your Personal Data stored? The Personal Data described above is kept in a paper filing system. Only email addresses are stored electronically on a spreadsheet.
Who has access to your Personal Data? Access is limited to Gillian Park only.
How long is your Personal Data kept? Your personal data is kept as long as you are interested in being a client of Gill Park Massage & Fitness. If you stop wishing to be a client, your data is held for a maximum of six years to comply with HMRC data retention requirements.
Your rights: You have the right to ask the “business” what data is being held that belongs to you, to ask to correct any inaccuracies, to opt out of certain communications and to ask for your Personal Data to be removed or deleted. If you wish to discuss your personal data, please email email@example.com. For further Information on the GDPR please go to https://ico.org.uk .