(How we use client information)
We will ask for a completed booking form for every booking. The booking form will ask for active consent from every client for this data. This will include:
- Date of Birth
- Telephone Numbers
- Name and contact details of next of kin
- Medical information such as allergies, medication, illnesses or treatments that may be relevant to the activities for which you are booking
- Photo and social media consent
The completed booking forms will be sent to us via electronic means or post and are stored securely. During the booked activity, the following information is shared electronically with the instructor to ensure it can be referenced during the activity and in the case of a medical emergency:
- Client name and contact number
- Next of kin name and contact number
- Medical information pertinent to the activity being undertaken
- Once the activity or course is completed the instructor will delete this information from their electronic device.
Why we collect and use this information
We use your data to:
- to provide you with the services for which you have contracted us
- to ensure appropriate medical treatment is provided or sought
- to ensure that any dietary needs including allergies are met
- to assess the quality of our services
- to comply with the law regarding data sharing
- where explicit consent is given we may use images and or video footage on our website or social media networks
The lawful basis on which we use this information
We process client data in line with legislation. Article 6 of the GDPR sets out the legal bases for processing personal data. We rely on the following reasons:
- Consent – the client has given us clear consent to process their personal data for a specific purpose.
- Contract – the processing is necessary for a contract we have with the client
- Legal obligation – the processing is necessary for us to comply with the law (not including contractual obligations
- For the purpose of our legitimate interests
The lawful bases for processing Special Category Data (medical data) are set out in Article 9 of the GDPR. We rely on the following bases:
- The individual has given explicit consent to the processing of their personal data for one or more specified purposes.
Collecting client information
Whilst the majority of the information you provide to us is necessary for us to provide you with the services you have requested, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain client information to us or if you have a choice in this.
Storing client data
We store your data on secure computers and in paper records which are secured physically. We are legally required to store personal data about you after your course or activity has finished. To meet these obligations, we hold client data for a period of 7 years before securely destroying it.
Who we share client information with
We will share contact and pertinent medical information with instructors contracted to us and who are working with you on your course or activity. Other than to meet legal or regulatory obligations we do not share your information with any external bodies or organisations.
Requesting access to your personal data
Under data protection legislation, clients have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your data, please contact us directly.
You also have the right to:
- object to the processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Office of The Information Commissioner.