(How we use client information)
We will ask for a completed booking form for every booking. The booking form will ask for active consent from every client for this data. This will include:
Date of Birth
Name and contact details of next of kin
Medical information such as allergies, medication, illnesses or treatments that may be relevant to the activities for which you are booking
Photo and social media consent
The completed booking forms will be sent to us via electronic means or post and are stored securely. During the booked activity, the following information is shared electronically with the instructor to ensure it can be referenced during the activity and in the case of a medical emergency:
Client name and contact number
Next of kin name and contact number
Medical information pertinent to the activity being undertaken
Once the activity or course is completed the instructor will delete this information from their electronic device.
Why we collect and use this information We use your data to:
to provide you with the services for which you have contracted us
to ensure appropriate medical treatment is provided or sought
to ensure that any dietary needs including allergies are met
to assess the quality of our services
to comply with the law regarding data sharing
where explicit consent is given we may use images and or video footage on our web site or social media networks
The lawful basis on which we use this information
We process client data in line with legislation. Article 6 of the GDPR sets out the legal bases for processing personal data. We rely on the following reasons:
Consent - the client has given us clear consent to process their personal data for a specific purpose.
Contract - the processing is necessary for a contract we have with the client
Legal obligation - the processing is necessary for us to comply with the law (not including contractual obligations
For the purpose of our legitimate interests
The lawful bases for processing Special Category Data (medical data) are set out in Article 9 of the GDPR. We rely on the following bases:
The individual has given explicit consent to the processing of their personal data for one or more specified purposes.
Collecting client information
Whilst the majority of information you provide to us is necessary for us to provide you with the services you have requested, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain client information to us or if you have a choice in this.
Storing client data
We store your data on secure computers and in paper records which are secured physically. We are legally required to store personal data about you after your course or activity has finished. To meet these obligations, we hold client data for a period of 7 years before securely destroying it.
Who we share client information with
We will share contact and pertinent medical information with instructors contracted to us and who are working with you on your course or activity. Other than to meet legal or regulatory obligations we do not share your information with any external bodies or organisations.
Requesting access to your personal data
Under data protection legislation, clients have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your data, please contact us directly.
You also have the right to:
object to processing of personal data that is likely to cause, or is causing, damage or distress
prevent processing for the purpose of direct marketing
object to decisions being taken by automated means
in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner's Office at https://ico.org.uk/concerns/