We take Data Protection very seriously at Inside Out, you are after all trusting us with your personal details, please find below our Data Protection Statement.
General Data Protection Requirement Statement
Supplier : Better247 Ltd t/a Susan Cowlishaw Yoga/SJC Yoga
In compliance with the General Data Protection Requirement I can confirm the following about how I store and manage client information.
When any client works with SJCYoga or joins any SJCYoga class they are asked to complete a Health and Safety Questionnaire. These are the standard forms used for all of our clients regardless of where we see them. These forms are an insurance requirement. The forms ask for name and contact details of the individual joining the class and an emergency contact, and for a date and signature to say that the information given is correct.
The health information given by students will only be shared with a 3rd party in the case of class cover. The 3rd party will be a qualified and insured yoga instructor and approved by SJC Yoga, and be compliant with GDPR. Client names and email addresses will be added to our database, so that existing and past clients can receive our quarterly newsletter. Clients have the opportunity to ask not to be added to the database, and each newsletter has an “Unsubscribe” function.
Storage of Client notes
These forms are stored in a locked filing cabinet at my home, when they are not in use at class. I am the only key holder to the filing cabinet and nobody else has access to it.
Client notes are kept for 7 years. Archived notes (ie from a person no longer attending a session or class) are kept for 7 years from the date of the last session/class attended. They are put in a sealed envelope with the date of archiving written on the front and stored in the filing cabinet as above.
Destruction of out of date notes
After 7 years archived notes will be destroyed. These are “cross cut” shredded and burnt on our log burning stove.
Electronic record keeping
All client health notes are kept on paper. We do not make or store any client notes electronically, all our notes are handwritten and not typed. We keep an electronic data base of student contact details. This is for our information only and for the purposes of sending our quarterly newsletter as mentioned above, and is never shared with other organisations. We always ask permission before adding you to our mailing list, and students added prior to the 2018 GDPR regulations have been asked to “opt in” if they wish to still receive our newsletter. A student can request at any time to be removed from the mailing list, or use the “unsubscribe” function on the newsletter itself. Often clients enquire by email and we reply by email, these emails are kept only as long as necessary, details are not added to a database. I am registered with the Information Commissioner’s Office (ICO).
Service User Access to data
In line with ICO guidelines, We are willing and able to respond to subject access requests for any data we hold. Following guidelines, requests need to be made in writing and we will respond within the 1 month allowed. There will be no charge made for data requests. We reserve the right to refuse or charge for requests that are manifestly unfounded or excessive, informing the individual why and notifying the relevant supervisory authority within the month.