General Data Protection Regulation for On the Run Health and Fitness
Information Audit
The information I hold about my clients is stored as follows:
In my email (Google for business). This holds any emails I’ve sent a client or a client has sent me. These are usually conversations about how I can help, how much things cost etc. They are covered by Google’s retention policy and I can delete them if requested by a client.
In Dropbox. I use Dropbox to share training plans and related documents with running clients. These are provided as part of the services. I also store questionnaires that runners complete for me to be able to write them a training plan. The client has full access to all the data I store about them on Dropbox. The documents are managed by Dropbox’s retention policy and I will delete them on request.
In my personal notebook. I keep a personal notebook to sketch out training plans, make notes from phone calls, write down details from voicemails and use as a to-do list. Personal details are kept to a minimum, usually only first name and phone number if you’ve left me a message to ring you back. Old notebooks are kept in a locked cupboard at home. The current notebook is kept at home.
In my phone. I will store phone numbers and email addresses of frequently contacted clients in my phone so I can contact them and send them session reminders. These details will have been given to me by the client in order for me to contact them.
On paper. I keep my massage client notes on paper at home. New patient forms may be emailed back to me completed by clients. I will print them and keep them at home. A copy may also exist in my email unless I’m asked to delete it (see above). Handwritten notes from treatments are kept at home; when I’m not treating, they are kept in a locked box.
On my laptop. Documents you’ve sent me like forms and questionnaires will be saved to my laptop. Documents I create for you, e.g. training plans or exercise suggestions, will also be saved on my laptop. I also take notes of some of my phone calls on my laptop. My laptop is kept at home in a locked box when I’m not using it. It sometimes leaves my home so I can work in different locations, at home and abroad. My laptop is encrypted and has up-to-date virus protection and firewall. I keep a tracker of running clients and what service they’ve bought on my laptop, also reminders about the races they are doing so I can wish them good luck.
My mailing list. My mailing list is provided and run by Wix. If you agreed to sign up to my mailing list in an email to me I will just store your email address. If you signed up via my website then it will store any information you provide in the name and email address fields. You can unsubscribe at any time by contacting me or via the unsubscribe link on the bottom of the newsletters.
I don’t share your information with anyone other than the organisations stated above: Google for email, Dropbox for file sharing and Wix for my mailing list. I keep data for 5 years from the last interaction with that client and then it will be deleted or destroyed.
Legal Basis for processing information
The legal basis for collecting and processing information is to provide services to the clients
I need to know details about a runner, their life and their running to provide optimal coaching
I need to know some medical details and injury and health details to provide optimal sports and remedial massage and soft tissue therapy.
I need to know details of people’s diet and lifestyle to provide nutrition advice
I need to know details of people’s personal fitness and skills to take them out walking
I need to know contact details to be able to communicate with them
I do not collect information that isn’t relevant to me providing these services
I do not use the data for any other purpose than providing a service; no further analysis or automated decision making takes place. I cannot vouch for what Wix, Google and Dropbox do with the data shared by their platforms.
Consent to use data
From the 25th May 2018 I will be sharing a link to this document, as a blog post, to all clients in my newsletter and as a reply to any emails sent by me. I’m open to any questions and I’ll explain why I need to collect information and what will happen with it when required.
I do not currently work with anyone under 18.
Your rights over your data
You have the right to see what data I store for you, to ask for it to be changed, deleted, and to opt out of direct communication.
Opt out details for my newsletters are detailed above.
For all other queries please contact me (owner and data protection officer) on alexa@ontherunhealthandfitness.co.uk
Data Breaches
If there are any breaches of the data I keep about you I’ll inform you and let you know the steps I’m going through to rectify the situation. If Google, Dropbox or Wix suffer a data breach they will let you know directly.
I’ll audit my data policies and update this document every year.
Updates to this policy
This policy was reviewed and updated on the 15th May 2019 to add that I also make notes of my phone conversations on my laptop.