WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
WHAT DATA DO WE COLLECT?
The data collected by COACH RED Wellness can include but isn’t limited to:
- Date of Birth
- Mobile Telephone Number
- Email Address
- Sensitive data that may have an impact on whether you should or should not partake in physical activity.
- Emergency Contact Details Including (Third Party): Name, Emergency Contact Number and Relationship
INFORMATION ABOUT THIRD PARTIES
Information we process, as described in this notice, may also include information about third parties such as your spouse or family members. If you give us information on behalf of someone else, you confirm that the other person has agreed that you can:
- Give consent on his/ her behalf to the processing of his/ her personal data;
- Receive on his / her behalf data protection notices; and
- Give consent to the processing of his/ her potentially sensitive personal data (e.g. any health issues relating to accessibility or dietary requirements or dietary requirements).
A third party is responsible for your payment data – Stripe. You have the right to request this information at any point. We are not responsible for the security or privacy policies of those third party sites, and recommend that you review those parties’ privacy notices before sharing your personal data on those platforms.
WHAT DO WE DO WITH THE INFORMATION WE GATHER?
The information collected on PAR-Q’s, Waivers, Consent Forms, Questionnaires or notes from consultations is used by the company to tailor training sessions and nutritional guidance and to ensure your safety and wellbeing in the event of an emergency. Data is not shared with any third parties. Any information collected cannot be used for marketing purposes.
We cannot ask for more information than is necessary to do our job. An example of this would be a sales person asking for date of birth and email address before they can process an order – it is not necessary to have this information to make a sale.
We will not sell any of your personal information to third parties, nor will we transfer your personal data outside of the European Union without your prior consent.
WHERE IS YOUR DATA STORED (PAPER)?
All PAR-Q information related to CRW will be stored on paper in a locked file cabinet. Only the staff have access to this information and do not share it with anyone else.
Our legitimate interests in this information includes but goes beyond:
- Ensuring that you are kept up to date with any scheduling changes.
- The ability to contact someone appropriate in case of an emergency.
- It is used for the measurement of progress during your fitness journey
- Highlighting any contraindications to exercise that a coach should be aware of to ensure the exercise program is both safe and effective.
HOW LONG WILL DATA BE STORED?
We will retain your personal data in accordance with your instructions and as required by applicable law. We may also retain certain information in order to conduct audits, comply with our legal obligations (and to demonstrate compliance) and to resolve disputes. However, we will not retain your personal data for longer than reasonably necessary.
KEEPING YOUR DATA SECURE (BEYOND PAPER DOCUMENTS)
We have appropriate security measures in place to prevent your personal information being accidentally lost, or used or accessed in an unauthorised way. We also limit access to your personal information to those who have a genuine business need to know it. Some of the technical and organisational measures we use to safeguard your personal data are:
- storing your personal data, in all forms, in a secure environment;
- training our staff on the importance of data protection measures;
- employing SSL (secure sockets layer) encryption on every domain owned by us – this allows us to encrypt any passwords to prevent unauthorised access or disclosure;
- securing our network by an advanced firewall supported by industry standard anti-virus software.
- We also have policies and procedures in place to deal with any suspected data breach so that we can act quickly to minimise any potential damage.
Under the GDPR you have a number of important rights. Those include:
- Right to fair processing of information and transparency over how we use your personal information – we are required to inform you why we want to gather your personal information, what we will do with it, who it will be shared with and how long it will be kept for. That information is set out in this privacy notice, but if you require any further information please don’t hesitate to contact us.
- Right to request a copy of your information – you can request a copy of your information which we hold (this is known as a ‘subject access request’). If you would like a copy of some or all of this information please contact us with proof of your identity and let us know what information you would like. We must provide this information to you in a commonly used and machine readable format.
- Right to require us to correct any mistakes in your information – you can require us to correct any information which we hold. If you would like to do this, please contact us to let us know the information that is incorrect and what is should be replaced with.
- Right to ask us to stop contacting you with direct marketing – you can ask us to stop contacting you for direct marketing purposes at any time. If you would like to do this, please contact us and let us know what method of contact (one or all) you are not happy with.
- Right to restrict processing – you can ask us to suspend the processing of your personal data in certain circumstances, for example, if you have notified us there is a mistake in the information we hold about you, you may ask us to suspend processing until that mistake is rectified.
- Right to erasure – otherwise known as ‘the right to be forgotten’ – you can ask us to delete or remove your personal data from our systems where there is no compelling reason for us to continue processing it.
If you want to exercise any of these rights, please get in touch with us and provide enough information for us to be able to confirm your identity. We may also require proof of your identity, such as a copy of your driving license, passport and a recent utility bill or bank statement, to be sure that we are not releasing any of your personal data to anyone other than you.