General Data Protection Regulation Policy Statement

GDPR stands for General Data Protection Regulation and replaces the previous Data Protection Act Directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.

GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. Balance Point Pilates is committed to protecting the rights and freedoms of individuals with respect to processing of client’s personal data.

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

GDPR includes 6 rights for individuals

1) The right to be informed

Balance Point Pilates needs to know client’s names, addresses, telephone numbers, email addresses along with relevant medical history for the treatment or activity they are involved in for the safety and interest of the client. This information is confidential and will not be shared with any external companies for marketing purposes.

2) The right of access

At any point an individual can make a request relating to their data and Balance Point Pilates will need to provide a response (within 1 month). Balance Point Pilates can refuse a request, if we have a lawful obligation to retain data, but we will inform the individual of the reasons for the rejection.

3) The right to erasure

You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, Balance Point Pilates has a legal duty to keep client details for 7 years Data is archived securely and removed after the legal retention period.

4) The right to restrict processing

Clients can object to Balance Point Pilates processing their data. This means that records can be stored but must not be used in any way, for example for communication purposes.

5) The right to object

Clients can object to their data being used for certain activities like marketing or research.

6) The right not to be subject to automated decision-making including profiling.

Automated decisions and profiling are used for marketing based organisations. Balance Point Pilates does not use personal data for such purposes.

Storage and use of personal information

All paper copies of client records are kept in a locked filing cabinet by Balance Point Pilates. The information provided on registration forms is entered on to our secure password protected database. These records are removed after the legal retention period.

All office computers are securely protected, with passwords required for access. Any portable data storage used to store personal data, e.g. USB memory stick, camera and iPads are password protected and/or stored in a locked filing cabinet.

GDPR means that Inline Health must;

* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them

This Policy was adapted in August 2021.