THE PURPOSE OF THIS NOTICE
This Notice is designed to help you understand what kind of information I collect in connection with my services and how I will process and use this information. For the purpose of providing you with my services I will collect and process information that is commonly known as personal data.
This Notice describes how I collect, use, share, retain and safeguard personal data and sets out your individual rights; these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
WHAT IS PERSONAL DATA?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation.
PERSONAL DATA I COLLECT
In order for me to provide my services for you, I will collect and process personal data about you. I will also collect your personal data where you request information about my services and promotions.
HOW DO I COLLECT PERSONAL INFORMATION?
I may obtain personal information from you face to face, by telephone or through my website, mobile applications or other similar devices, channels or applications operated by me.
You may provide me with personal data when completing contact forms, when you contact me via the telephone, when writing to me directly or where I provide you with paper-based forms for completion or I complete a form in conjunction with you.
I make sure that I have appropriate security measures to protect your information. I will periodically review your personal information to ensure that I do not keep it for longer than is permitted by law. Note that it is your responsibility to check and ensure that all information, content, material or data you provide on the website is correct, complete, accurate and not misleading and that you disclose all relevant facts.
I will collect your personal data when you visit my website, where I will collect your unique online electronic identifier; this is commonly known as an IP address.
A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
For the purposes of meeting the Data Protection Act 2018 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place.
WHY DO I NEED YOUR PERSONAL DATA?
I may use your personal information:
1. To enable you to access and use the services;
2. To personalise and improve aspects of our services;
3. To communicate with you, including some or all of the following:
3.1 Sending you information about products and services which I think may be of interest to you – If you agree, I will contact you (depending on your contact preferences) via email, post, telephone, sms, or by other electronic means such as via social and digital media this may include, special offers, newsletters or new services.
3.2 Sending you a confirmation email of your booking or purchase from my web site – when you book a course with me, you will automatically be sent confirmation of your booking by email or SMS so that you have a record of it and can easily retrieve your booking information in the future. This is a standard part of my services and by using the services you agree to receive these communications.
WHY DO I PROCESS YOUR PERSONAL INFORMATION?
I will only collect and use your personal information (as described above points 1 – 3) in accordance with GDPR requirements. My grounds for processing your personal information are as follows:
1. Consent – Where necessary I will only collect and process your personal information if you have given your consent for me to do so, for example, I will only send you certain marketing emails and process any sensitive information about you if we have your consent.
2. Legitimate Interests – I may use and process some of your personal information where we have sensible and legitimate business grounds for doing so. Under European privacy laws there is a concept of “legitimate interests” as a justification for processing your personal information. My legitimate interests for processing your personal information are:
2.1 To communicate with you about the services. I need to keep you informed about your use of the services for example sending you a confirmation email of your booking or purchase. This won’t include marketing communications unless you have given me your consent to receive these; and
2.2 To improve my services. I constantly aim to improve my services to you and using your personal information in this way helps me to do this. You have a right to object to my use of your personal information for these legitimate interests including where I may use your personal information to create a profile to inform customer demographics. If you raise an objection I will stop processing your personal information unless very exceptional circumstances apply, in which case I will let you know why we are continuing to process your personal information. Please contact me if you wish to exercise this right.
Individuals are provided with legal rights governing the use of their personal data. These grant individuals the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data. These rights are known as Individual Rights under the Data Protection Act 2018. The following list details these rights:
– The right to be informed about the personal data being processed;
– The right of access to your personal data;
– The right to object to the processing of your personal data;
– The right to restrict the processing of your personal data;
– The right to rectification of your personal data;
– The right to erase your personal data;
– The right to data portability (to receive an electronic copy of your personal data);
– Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As mandated by law I will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, I am entitled to charge a reasonable administration fee.
In exercising your Individual Rights, you should understand that in some situations I may be unable to fully meet your request, for example if you make a request for me to delete all your personal data, I may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, I am required by law to grant access to this data for law enforcement, legal and/or health related matters.
The flow of data within the insurance sector is complex and I ask you to keep this in mind when exercising your ‘rights of access’ to your information. Where I may be reliant on other organisations to help satisfy your request this may impact on timescales.
If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please contact me by e-mail firstname.lastname@example.org or by writing to me Vicky Griffiths, VB Health, 1 Mossley Road, Grasscroft, Saddleworth, OL4 4HH.
PROTECTING YOUR DATA
I will take all appropriate technical steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data with authorised third parties.
DATA PRIVACY REPRESENTATIVE
To ensure data privacy and protection has appropriate focus I am the sole Data Privacy Representative, who may be contacted at email@example.com.
HOW LONG DO I KEEP YOUR PERSONAL INFORMATION?
If you are dissatisfied with any aspect of the way in which I process your personal data please contact me Vicky Griffiths. You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat or by calling their helpline on 0303 123 1113.
HOW TO CONTACT US
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact Vicky Griffiths, VB Health, 1 Mossley Road, Grasscroft, Saddleworth, OL44HH or by e-mailing firstname.lastname@example.org or by telephoning 07507 548814.