& Personal Data
INTRODUCTION TO THE BARN ACADEMY
The Barn Academy a fitness and general health organisation, solely ran by certified instructor Zoe Adkin established in 2019 and is a sole trader business. The basis of the company is that we provide Pilates and Dance classes in several venues around the local area.
PERSONAL DATA AND PRIVACY
In order for The Barn Academy to fulfil its function, we process personal data which relates to participants of our classes. The Barn Academy is committed to maintaining the appropriate confidentiality, integrity and security of personal data that we process by complying with both our legal and ethical obligations in respect of data protection and privacy. This policy sets out the principles The Barn Academy adheres to when processing personal data and outlines the operational aspects of our various data processing activities.
WHAT PERSONAL DATA DO WE COLLECT?
Personal data is any information relating to an identifiable living individual. We collect information about individuals in three distinct ways:
Personal/contact information: names, gender, contact (telephone, email, address, and dates of birth), as well as specific health details directly related to Pilates participants. These details are supplied to us by a participant on a pre-exercise health questionnaire that all participants must complete for our insurance purposes, prior to exercising with us. The data on this questionnaire is held securely for as long as a participant remains with us.
Newsletter: our weekly Newsletter is sent to anyone who actively subscribes to it by entering their email address and name in a signup box on our website. The Newsletter mailing list of names and email addresses is maintained on AWeber. As subscribers sign up to the Newsletter themselves through our website signup box, this ensures that subscribers have knowingly opted in to receive the Newsletter. We do not add subscribers ourselves, and we do not pass subscribers’ email details to any third party.
Payment information: if participants join our Monthly Payment Plan we process details of their chosen payment card onto our banking system (Worldpay). Once these card details are entered into the system we shred and delete any paperwork containing participants’ details. Also, once card details are entered onto our banking system we can no longer see those details.
If individuals choose to supply any other information we handle this securely and treat it with appropriate confidentiality.
We do not track activity of visitors to our website. Any cookies used are purely to aid viewers’ site experience.
WHAT DO WE DO WITH YOUR PERSONAL DATA?
The Barn Academy will use the personal data provided on pre-exercise health questionnaires to give participants the most appropriate Pilates experience.
We will also use the contact details supplied by participants on the pre-exercise health questionnaire to provide them with information on their specific classes and sessions. For example if a class is to be cancelled by adverse weather conditions we will email, text, or call clients to let them know.
Subscribers to our Newsletter can opt-out of receiving the Newsletter or change their preferences at any time by using the ‘Unsubscribe’ or ‘Change Subscriber Options’ links provided at the very bottom of each Newsletter, or by contacting: The Barn Academy, 4 Lady Gate Diseworth Derby,
or via email to office @thebarn.academy
WHAT IS THE LEGAL BASIS FOR OUR DATA PROCESSING?
By law, The Barn Academy may only process personal data where it has a legal justification or requirement to do so. In accordance with that law, The Barn Academy processes personal data as described above because it is:
Necessary for the performance of our Pilates classes and sessions with our participants: and/or
Necessary for the purposes of The Barn Academy’ legitimate interests, namely to fulfil its function as a fitness and health organisation in accordance with applicable law and regulations and to conduct and manage our relationship with specific individuals. Where we use your personal data for The Barn Academy’ legitimate interests, we make sure that we take into account any potential impact that such use may have on you. If we believe your interests or fundamental rights and freedoms override our legitimate interests then we will not use your personal data on this basis and may seek your specific consent, and/or
Necessary for compliance with its legal obligations.
The Barn Academy would not be able to fulfil its function as a fitness and health organisation safely without processing personal data as described in this policy.
If you have any concerns about our processing please refer to details of “Your Rights in Relation to Personal Data” below.
YOUR RIGHTS IN RELATION TO PERSONAL DATA
Individuals whose personal data we process have certain rights in respect of that data, including:
RIGHT TO INFORMATION AND ACCESS - You have the right to request access to the information that we hold about you. In accordance with data protection laws, participants also have the right to receive a copy of any information we hold about them. On request, The Barn Academy will provide participants with copies of their personal data in a convenient format. Where technically feasible, The Barn Academy will also meet any participant’s request to transfer their data to a third party.
RECTIFICATION, ERASURE, AND RESTRICTION - You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. In responding to such requests, The Barn Academy will communicate to the individual concerned the impact of such restrictions or deletions, for example, on The Barn Academy’s ability to teach Pilates classes on their behalf. The Barn Academy takes reasonable steps to ensure that the personal data it holds about you is accurate and up-to-date and we will comply with any requests to rectify any inaccurate data we may hold about you. Requests for access to information regarding personal and financial information should be made in writing to The Barn Academy, 4 Lady Gate Diseworth Derby, DE74 2QF,
or via email to office @ www.thebarn.academy, or by phone 07980307762.
RIGHT TO OBJECT - You have the right to object to The Barn Academy using your information on the basis of its legitimate interests and the right to ask us not to process your personal data where relevant (see “What do we do with your personal data?” section above).
The Barn Academy is committed to respecting individuals’ rights. You may action your rights by contacting us using the details provided above and we will comply with your requests unless we have a lawful reason not to do so. The Barn Academy will endeavour to handle any requests within a reasonable period and, in any event, within a month of the original request.
HOW THE BARN ACADEMY MIGHT SHARE YOUR PERSONAL DATA
The Barn Academy will only share personal data with third parties in the following three ways:
OTHER HEALTH PROFESSIONALS - with your express permission The Barn Academy will share relevant personal data with other health professionals, intended solely for your benefit.
SERVICE PROVIDERS AND SUPPLIERS - The Barn Academy may employ:
◆ external IT consultants to provide support and development services in relation to The Barn Academy’ systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development.
◆ third party providers to facilitate certain communications on its behalf, such as mail-outs providing notices of company meetings and elections, which requires them to access contact data. All such third parties are vetted by The Barn Academy to ensure they provide adequate levels of security when processing data.
GENERAL - In some circumstances, The Barn Academy may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
In all cases we require third parties to maintain appropriate security and confidentiality to protect information from unauthorised access or processing.
The Barn Academy will take appropriate technical and organisational measures to protect the personal data we transmit, store or otherwise process against accidental or unlawful destruction, loss, alteration or unauthorised disclosure or access. To this end, data stored on The Barn Academy computers and portable devices is password protected, and we do not send personal data of any participant over email.
The members’ area of The Barn Academy website requires entering a username/email address and password which is encrypted and known only to the member.
Debit or credit card details that participants provide to The Barn Academy to pay for services are entered onto our secure banking system which takes single payments and automatic monthly payments on our behalf. Once card details are entered, the information cannot be viewed fully again (card numbers are masked out eg, ****1111).
All paper pre-exercise health questionnaire forms are scanned into electronic format and stored on a database which is password and firewall protected. The paper forms are shredded. On a daily basis participants’ personal data are backed up to a secure location.
Unfortunately, as no data transmission over the Internet can be guaranteed to be 100% secure, The Barn Academy cannot guarantee the security of any Internet communication or transmission, though we strive to protect your personal data online, including through use of encryption and other measures. If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately by contacting us using the details below.
HOW LONG DOES THE BARN ACADEMY RETAIN PERSONAL DATA?
The Barn Academy will only retain personal data for as long as is necessary to provide our services or for as long as we reasonably require to retain the information for our lawful business purposes or comply with a statutory or other legal requirement. Please contact us if you require further information about our retention policies.
In the event of any breach of The Barn Academy systems impacting on the security of a participant’s or any other individual’s personal data, The Barn Academy will inform the affected participant(s) or individual(s) at the earliest opportunity describing the nature of the breach, the possible consequences and the measures being taken to remedy the situation in accordance with our procedures and applicable law.
If you are unhappy with the way in which The Barn Academy processes your personal data, please contact us using the information provided below. You also have the right to lodge a complaint before the Information Commissioner’s Office (ICO), which is the UK data protection authority. Their contact details as are follows: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Telephone: 0303 123 1113 or 01625 545 745; or see their website here.
Please direct any comments or enquires relating to this policy to:
The Barn Academy, 4 Lady Gate Diseworth Derby, DE74 2QF, or via
email through our website www.thebarn.academy, or by phone 07980307762.
UPDATING THIS POLICY
From time to time we may change our data processing activities. We will notify you of any changes to this policy as required by law. We will also post an updated version on our website.