At Tai Chi Globe Academy, we are committed to protecting your privacy. This statement describes how we collect and use personal information. The terms of this statement may change, so please check it from time to time.
Our data protection practices are regulated by a supervisory authority. The UK Supervisory Authority under the General Data Protection Regulation (“GDPR”) is the Information Commissioner’s Office (“ICO”). As a UK-based organisation processing the personal data of individuals based in the UK, our supervisory authority is the ICO.
If you have any queries about this privacy statement, please contact our Data Controller by telephone on 07490 089375 or email firstname.lastname@example.org.
We obtain personal information from you and use it as follows:
We use contact information from web forms, emails, mail and telephone to send you information or materials that you have requested or to provide you a service. Your contact information is also used to contact you when necessary, for example, to fulfil a query or to provide a service.
Any orders/event bookings and donations you make will require personal and financial information. We will collect personal information (such as name and contact details) and financial information (such as account numbers).
Contact information and financial information from the order, donation forms or enquiries are used to fulfil orders or provide services. Your contact information is also used to get in touch with you when necessary, for example to be able to fulfil an order. Financial information that is collected is held securely and deleted on an ongoing basis.
We may sometimes contact you with information from companies which may be of interest to you.
We will not sell or exchange your details with other organisations other than where we have a duty to share your information with third parties, regulatory or law enforcement agencies if we believe in good faith that we are required by law to disclose it in connection with the detection of crime, the collection of taxes or duties, in order to comply with any applicable law or order of a court of competent jurisdiction, or in connection with legal proceedings.
Individuals have access to various newsletters and information updates from Tai Chi Globe Academy and can choose which communications they wish to receive. If you no longer wish to receive these communications, please let us know.
We will collect data about you, both personal data (such as your name and contact details), sensitive personal data (such as information about your mobility requirements and health) and information about the support that we provide. The data will be stored, processed and used in the following ways to provide and administer our services:
Our lawful basis for collecting and using the personal information will depend on the personal information concerned and the specific context in which we collect it.
We will collect personal information from you only:
If you receive any Newsletter or Information Updates from Tai Chi Globe Academy you can withdraw consent at any point.
If you have provided a service to us, we will use your data as necessary to fulfil our contractual obligations, including to enable us to process your request for payment and ensure timely payment.
In order to provide services to individuals we will use your data as necessary to fulfil our contractual obligations, including; to deliver personalised support by email, phone and in person.
We may collate personal information for example recording support provided, under our legitimate interests, enabling us to provide an effective and continuous service to you, improve our services in future and monitor our impact.
If you have used our services, we may keep your personal information for up to three years after you have left under our legitimate interests. We wish to provide a quality experience which includes consideration of the services that we have provided to people. We always weigh the consideration of our legitimate interests against your privacy rights to ensure your rights are not overridden.
By providing us with your personal data, including sensitive personal data such as on your health, you consent to the collection and use of this information in accordance with the purposes described above and this privacy statement. In the event that we need to share your details with other organisations to fulfil your order or query on our behalf, we will ask your consent to do so.
We will normally inform you and ensure you are happy for your information to be shared, but there are times when we may need to share your information without your consent. Examples may include occasions where we are legally required to do so, or the law allows us to do so in order to protect you or other people.
Such situations include:
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable contract, legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymise it.
We have internal policies and controls in place to ensure that your data is not lost, accidentally destroyed, misused or disclosed, or subject to unauthorised access. Where necessary, we implement appropriate network access controls, user permissions and encryption to protect data.
Where we engage third parties to process personal data on our behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Under the General Data Protection Regulation, you have the following data protection rights:
Right of access. If we store your personal data, you have the right to make a subject access request. We are required by law to make this information available to you within a month, unless the request is complex or there are numerous requests. This information will be supplied to you electronically in a format that is accessible to you. This will be free of charge.
Right to rectification. If you become aware that we hold incorrect or incomplete information about you, you can contact us to provide us with the correct information. We have a duty to keep up to date information.
Right to erasure (otherwise known as the ‘right to be forgotten’). If you withdraw your consent and it is our only legal basis for keeping your information, your personal information will be deleted upon your request.
If we no longer have a legitimate interest for keeping your data or the reason for keeping the information at the time you provided it is no longer applicable, we will delete your information upon request.
There may however be situations where it is not possible, for example where we are required to by law. In these cases, we will explain to you why it is not possible to fulfil your request completely, however we will work with you to minimise any processing of that data.
Right to restrict processing. At this request, we will continue to store your data but will restrict any further processing. Decisions to restrict will be based on assessing whether legitimate grounds override individual rights or not.
Right to data portability. This is not applicable to us as we would not currently move your data to another organisation’s IT platform.
Right to object. You have the right to object to any direct marketing. Some of our direct marketing is done through our email briefings which we seek your consent for. If you withdraw consent, we will cease this marketing immediately. You also have the right to object to processing based on legitimate interests or the performance of a task in the public interest, exercise of official authority, or for purposes of scientific/historical research and statistics. At this point we will consider the weight of the legitimate need to process data again the individual’s privacy rights.
Rights regarding automated decision making and profiling. This is not applicable as we do not currently automate decision making nor carry out any profiling.
If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office Helpline on 0303 123 1113 or via the website at https://ico.org.uk/concerns/
If you do not agree to our processing of your data in the manner outlined in the policy, please do not submit any personal data to us.
Further information and accessing your records
If you would like to know more about how we use your information, or if you wish to exercise your aforementioned rights, please contact our Data Controller by telephone on 07490 089375 or email email@example.com.
The data controller must respond to these requests within 1 month.
Where a request for copy of personal data is made electronically, we are able to supply the data in a commonly used electronic format if requested, or unless otherwise requested.
In accordance with the GDPR there is no charge for supply of copies of records, although in certain circumstances you may be charged a reasonable administration fee, for example if you require several copies of the records.
You should be aware that in exceptional circumstances some information may be withheld to protect you from undue harm, or where a third party is involved.
Lee Welch has overall responsibility for implementing and monitoring this policy, which will be reviewed on a regular basis following its implementation and additionally whenever there are relevant changes in legislation or to our working practices.
Policy updated on 26 September 2019
Signed: Lee Welch