What is GDPR?
General Data Protection Regulation (GDPR) is the new European law that takes effect from 25 May 2018. The legislation will affect anyone living inside the EU and any organisation that holds the data of EU residents.
GDPR replaces the Data Protection Act 1998 (DPA). GDPR is designed to strengthen the DPA and to give EU citizens more control over how organisations use their data – with large fines introduced for organisations that do not comply.
Key rights from GDPR
- Right to be informed: You, as a client of Pilates Performance, can ask about personal data, how it is used, and why it is being used at any time.
- Right of access: You, as a client of Pilates Performance, can request a copy of personal information we hold about you at any time.
- Right of rectification: You, as a client of Pilates Performance, can update (or request updates to) personal information at any time.
- Right of erasure: You, as a client of Pilates Performance may request that we erase your personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
- Right to object: You, as a client of Pilates Performance can request that we cease to process your data based on legitimate interest or for direct marketing.
What we do with your information
Who we are
Pilates Performance is a Sole Trader company (Sarah MacLachlann t/a Pilates Performance). This is a summary of what we do with your data in order to run our business and provide our customers with our services and products.
We aim to be clear when we collect your data and not do anything with it that you wouldn’t reasonably expect. Developing a better understanding of our customers and those that support us allows us to use the data that we gather to make better decisions about how we do things.
Legitimate Interest Assessment (LIA)
Pilates Performance at all times endeavours to use a Legitimate Interest Assessment (LIA) to ensure that we have a valid reason for collecting and storing client data. You may view the form used here.
What information do we collect?
We collect and process a variety of personal information such as name, contact information, date of birth, health, fit and proper check, information about education and employment history, bank/financial information.
If we take payment from you via payment card we will maintain a transaction history but not your payment card number.
Most of the information we collect will have been provided by you or created through use of our services. We collect this information from you through our websites, our portals and from other services such as training courses.
We keep a record of communications with you electronically or otherwise and may track whether emails are received or opened by you to ensure you receive the most up to date, relevant information. See our Cookie notice on our website for more details.
Where is Data Held
When you create an Account with Pilates Performance using our MINDBODY Software, for the purpose of managing your class bookings, appointment schedule or membership options, you have the option to “opt in” to receive promotional and non-promotional e-mails, texts and newsletters in order to keep you informed of any promotional offers which we believe you may be interested in. By “opting in” you also allow the software to send you automated e-mail receipts, appointment and scheduling confirmations and reminders. You have the right (at any time) to “opt out” of receipt of these e-mails by going to the PROFILE section of your account (once logged in) and changing the settings as indicated here.
Credit Cards and AutoPay
If you are a monthly member at Pilates Performance then you will have your credit/debit card stored on the MINDBODY software to make monthly payments or buy services online or via the Pilates Performance APP. Details of your Debit/Credit card are encrypted at source and Pilates Performance never sees these details, other than the last 4 digits for identification purposes.
How do we use your data?
We use your information mainly to provide you with products and services, to understand our customer needs and improve the products and services we offer, and for the day to day running of the business. We also use it to comply with the laws and regulations that apply to us and to protect the business, our customers and employees.
We use profiling and segmentation to ensure communications are relevant and timely, and to provide an ever evolving experience to our customers and the community. When building a profile we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences.
Unless you ask us not to, we will tell you about products and services we offer and about opportunities to support us. Occasionally, this may include information about partner organisations.
We keep your data for the minimum period required by law or our regulators. This is usually no longer than seven years. After this time, where appropriate, we will destroy/delete your data unless the relationship is still ongoing.
You have a number of legal rights with regard to your data. These include the right to request a copy of the data held by us, to request that mistakes and inaccuracies are corrected and to request that we stop processing some or all of your personal data for some or all reasons.
If you ask us to stop using your data for marketing purposes, we may still contact you for reasons relating to a product or service you have signed up to.
All third parties used by Pilates Performance for the purposes of marketing (e.g. e-mail and text marketing services) have a clearly defined “opt out” feature where you can choose to immediately stop receiving such information.
If your request requires all data to be removed, this could result in an end to the relationship and services provided by us.
If you would like more information on these rights or on how to do any of the above, please contact us as detailed below. We hope any issue can be resolved by contacting us but if not, you have the right to complain to the Data Protection Commissioner’s Office.
How we ensure the safety of your data
Your data will be held on our business systems (as noted above). Where possible we do not keep more than one record for each customer. All of your data is held securely in Ireland, with strictly controlled access.
We may need to disclose your details if required to the police, regulatory bodies, specialist advisors or legal advisors.
Sensitive information is deleted when no longer needed and access is restricted to those who need to use it.
Physical Records and Health Sheets
Due to the nature of our business and the service we provide, it is necessary, from time to time, for us (our staff) to keep written records of clients' health issues and various pathologies they may have which have been disclosed to us, in order for us to provide appropriate remedial treatment via the services we provide. These written, physical records are, at all times, held securely on our premises in Rathfarnham and are accessed only by authorised staff who are providing the services.
These records are never disclosed to third parties (except on receipt of advance written permission by you, the client) and you have the right, at any time, to request a copy of these files or that they be destroyed. If you cease to be a client of Pilates Performance, you have the right, under law, to request that these personal health files be made available to you.
We will not share any of your information with any other third parties without your agreement unless required in order to fulfil our contract with you, required by our regulators or allowed by law.
Questions and Queries