I appreciate how important your privacy is and recognise that I am being trusted with protecting it, so the purpose of this privacy notice is to give you a clear explanation about how I collect and use your personal data in line with General Data Protection Regulations.
You don’t have to give me any of your personal data but, if you don’t, you are unlikely to receive my optimal customer service experience. In some cases, if you do not provide me with certain personal data, I may not be able to work with you or provide my products or services to you (as applicable), or it may adversely affect the provision of my services to you.
This privacy notice aims to give you information on how Sara Davies t/a The Active Health Coach (“I”, “my” “me”) collects and processes your personal data through your use of this website, including any data you may provide when completing questionnaires related to my services or through contact with me over the phone or by email.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice I may provide on specific occasions when I am collecting or processing personal data about you so that you are fully aware of how and why I am using your data. This privacy notice supplements the other notices and is not intended to override them.
For all of my services, the data controller that is responsible for personal data, is Sara Davies t/a The Active Health Coach.You can contact me by emailing firstname.lastname@example.org.
If you have any questions about this privacy notice, including any requests to exercise your legal rights, you can contact me using the details set out in this notice.
Changes to the privacy notice
I may change this privacy notice from time to time, to reflect how I am processing your data.
If I make significant changes, I will make this clear on my website or by such other means of contact such as email, so that you are able to review the changes before continuing to use my services.
THE PERSONAL DATA I COLLECT ABOUT YOU
I collect, use, store and transfer different kinds of personal data about you to enable me to manage the provision of my services to you; to give you information on session times and changes to my programme; to help me monitor and improve the services I provide and, where I am permitted to, to tell you about upcoming activities that I think you may like.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
I collect and process a range of information about you. This includes, for virtually all individuals, your name and contact information (such as your home and/or business address (as applicable), email address and telephone number, records of communications and interactions I have had with you by various means, and basic biographical information including your date of birth and gender (where relevant).
In addition, I may collect the following categories of personal data including data relating to gender, racial or ethnic origin, health and disability (“sensitive personal data”), depending on how you interact with me:
Payment information and details of returns or refunds, where relevant
Class attendance history
I also collect and use Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, I may aggregate your Participation Data to better understand improvement trends. However, if I combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, I treat the combined data as personal data which will be used in accordance with this privacy notice.
Keeping your personal data up-to-date
It is important that the personal data I hold about you is accurate and current. Please keep me informed if your personal data changes during your relationship with me.
HOW I COLLECT YOUR PERSONAL DATA
I may collect your personal information in a number of ways, principally:
Directly from you, for example when you sign up to participate in one of the classes or programmes.
When you make enquiries on my website.
On rare occasions, I may receive information about you from others who are not acting on your behalf (for example, where someone makes a complaint about you which I then investigate)
HOW I USE YOUR PERSONAL DATA
I will use your personal data where I need to perform a contract with you, where it is necessary for my legitimate interests, where you have asked me to or where I need to comply with a legal obligation.
You will only receive marketing communications from me if you have requested information from me, purchased services from me or told me that I can send them to you. You can tell me that you want to stop receiving marketing communications from me at any time.
I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances:
Where I need to perform the contract I am about to enter into or have entered into with you.
Where I need to comply with a legal or regulatory obligation.
Where it is necessary for my legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
For certain processing purposes, I may request your consent to authorise the processing. For example, if you are not a customer of The Active Health Coach and have not enquired about my products or services, I would need a clear consent from you in order to send any communications to you about my products or services.
Performance of Contracts. I will process your personal data where this is necessary for the performance of a contract with you or to take steps at your request before entering into such a contract. For example, I need to process personal data in order to assess your suitability for particular classes or exercises.
Compliance with my legal obligations. In some cases, I need to process your personal data in order to comply with my legal obligations. For example, I need to process personal data in order to comply with health and safety legislation, for safeguarding purposes, and to assist with investigations by police and/or other competent authorities.
Legitimate interests. In other cases, Sara Davies t/a The Active Health Coach has ‘legitimate interests’ in processing personal information about individuals I interact with. I have many such interests, including commercial interests and those with a wider public benefit. In essence, my principal legitimate interests are in pursuing my mission to get more people, more active, more often. Where I rely on legitimate interests as the legal basis for processing personal data, it has considered whether or not those interests are overridden by the interests or fundamental rights or freedoms of the individuals whose data are being processed and concluded that the processing is, on balance, fair.
Consent. I may also process your personal data on the basis of consent you give, for example to send you certain direct marketing communications.
Processing special categories of data. Where I process sensitive personal data, other legal bases for processing may apply, including where our processing is necessary for the establishment, exercise or defence of legal claims, for provision of medical care and treatment, for the purposes of equal opportunities monitoring or where you have otherwise given me your explicit consent (for example, where coaches or officials provide me with data relating to criminal convictions and offences as part of the DBS disclosure process).
CHANGE OF PURPOSE
I will only use your personal data for the purposes for which I collected it, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If I need to use your personal data for an unrelated purpose, I will notify you and I will explain the legal basis which allows me to do so.
Please note that I may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
SHARING YOUR PERSONAL DATA
I do not sell any of your personal data to any third party.
Personal information collected and processed by me may be shared with the following recipients, or categories of recipients, where necessary:
Someone acting on your behalf, for example a next of kin, guardian, or power of attorney; where necessary for your safety and welfare
My employees and volunteers (as applicable), for the purposes of providing particular services to you
My contractors and suppliers, where they process personal data on my behalf (for example payments and hosted software providers and professional advisors).
HM Revenue and Customs, the police and/or other competent authorities as applicable
Typically, The Active Health Coach will not transfer your personal data to countries outside the European Economic Area (EEA). On the limited occasions when this might occur, I will ensure that any such transfer meets the requirements of GDPR.
KEEPING YOUR PERSONAL DATA SECURE
I am committed to keeping your personal data secure and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, I limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on my instructions and they are subject to a duty of confidentiality.
HOW LONG WE WILL KEEP YOUR PERSONAL DATA FOR
I may retain your personal data for as long as is necessary to fulfil the purposes set out in this privacy notice and/or our reasonable requirements. On expiry of the relevant retention period, your personal data will be deleted, suppressed or anonymised, as applicable.
YOUR LEGAL RIGHTS
Under the GDPR, you have the right to:
Obtain access to, and copies of, the personal data that I hold about you
Require me to correct the personal data I hold about you if it is incorrect
Require me to erase your personal data in certain circumstances
Require me to restrict my data processing activities in certain circumstances
Receive from me the personal data I hold about you which you have provided to me, in a reasonable format specified by you, including for the purpose of your transmitting that personal data to another data controller
To object, on grounds relating to your particular situation, to any of my particular processing activities where you feel this has a disproportionate impact on you
Where my processing is based on your consent, you may withdraw that consent, without affecting the lawfulness of my processing based on consent before its withdrawal
If you would like to exercise any of these rights, please contact me in writing. Please note that these rights are not absolute and I may be entitled (or required) to refuse requests where exceptions apply.
If you are not satisfied with how I am processing your personal data, you can complain to the Information Commissioner’s Office (ICO). You can also find out more about your rights under the GDPR (and other data protection legislation) from the Information Commissioner’s Office website available at: www.ico.org.uk.
IF YOU DO NOT PROVIDE PERSONAL DATA
In some cases, described above, the provision of personal data is a contractual requirement, and/or a statutory requirement if you wish to engage with me in a certain way. In those and other cases, if you do not provide me with certain personal data, I may not be able to work with you or provide my products or services to you (as applicable), or it may adversely affect the provision of my services to you.
If you have any queries about this privacy notice or how I process your personal data, you may contact me by email: email@example.com.