This policy was last updated: 04/05/2018
Roundhill Pilates and Physiotherapy Centre is committed to maintaining robust privacy protections for its users. This policy outlines how Roundhill Pilates and Physiotherapy Centre collects, uses, shares and safeguards information we receive from our other organisations and clients. Where possible, we will take the necessary steps to ensure that users' information is safeguarded and kept in accordance with applicable laws and regulations.
What information do we collect?
Your information will be used by us to enable us to provide our services to you. We act as a Data Controller (unless only processing data under a separate agreement) and undertake to protect personal and sensitive data in a manner that is consistent with the requirements of the UK data legislation and the GDPR. We will take reasonable measures to ensure the secure storage of your data.
Information provided to us:
Data is only held on the grounds that we have a contractual obligation to fulfil.
We undertake to protect all personal and sensitive data that is provided to us, in a manner that is consistent with the requirements of the General Data Protection Regulation (GDPR). We will take reasonable measures to ensure the secure storage of all data (see below).
All data given by clients is recorded by us in accordance with the client’s preferences and as permitted under the GDPR. Data will be held on one of the following grounds: with a client’s specific consent; where data retention is necessitated by a contractual relationship; and on the grounds of being a legitimate business interest.
Contact Form: We use the details that you give us, by email or phone, to follow up on enquiries and to send you general information about us and our services. The basis for holding this information is that it is for legitimate legal purposes or to fulfil a contractual obligation where the contact is from an existing client.
Photos: We will ask for your express consent to post any photos of you on our website and you will always be given the option to opt-out or remove any photos displayed. We will not give any further personal details alongside any photos used on our website gallery. The gallery is hosted by our website host, 1&1.
Phone calls: Any data relating to phone calls, to and from us, may be recorded and retained by us. The data will be held on the basis of being for our legitimate business needs or in order to fulfil our contractual obligations if you are a client of ours.
Emails: We retain copies of emails sent to us on our servers in the Cloud.
We may contact you by email to send you:
· general (non-marketing) communications on the basis of a contractual relationship with us or where we have a legitimate business interest;
· email notifications where you have specifically consented to receive such;
· marketing communications, where specific consent has been given by you.
Users of this website do so at their own discretion and provide any personal information at their own risk.
Information we get from other sources:
From time to time, we may need to obtain information from third parties. This will only apply where it is essential for the provision of our services and as permitted by law. Where applicable we will seek the consent of the client or organisation providing the data.
How we use personal information
Where we act as a Data Processor, we undertake the following obligations in accordance with the GDPR:
· We only act under the documented instructions of the Data Controller
· To ensure confidentiality, assist with legal compliance of the Data Controller, and respond to requests from data subjects (as instructed by the Data Controller)
· Make available all information necessary to demonstrate compliance
· To take measures to assist the Data Controller with ensuring security of processing
· To treat personal data after processing as directed by the Data Controller.
We don’t share, sell, or distribute your data to third parties.
If it is necessary to share data with a subcontractor working on our behalf, the Data Controller will be informed without delay. Any third party must adhere to all data protection laws and regulations.