Privacy policy
Effective date: 26th November 2019
Introduction
The policy: This privacy policy is served by Sarah Hogg / True North Yoga under the website http://www.truenorthyoga.org. The purpose of this policy is to explain how we control, process, handle and protect your personal information through the business and while your browse or use this website. If you do not agree to the following policy you may wish to cease using/viewing this website and/or refrain from submitting your personal data to us.
We will always treat your information with respect and in accordance to our values.
If you wish to ask a question or make a complaint, please e-mail sarah@truenorthyoga.org
Policy key definitions
‘I’, ‘our’, ‘us’ or ‘we’ refer to the business: Sarah Hogg / True North Yoga.
‘You’ or ‘the user’ refer to the person(s) using this website
GDPR means General Data Protection Act.
‘Cookies’ means small files stored on a user’s computer or device.
Key principles of GDPR
This privacy policy embodies the following key principles: (a) lawfulness, fairness and transparency, (b) purpose limitation, (c) data minimization, (d) accuracy, (e) storage limitation, (f) integrity and confidence, (g) accountability.
Processing of Personal Data
Under the GDPR we control and/or process any personal information about you electronically using the following lawful bases:
We are exempt from registration in the ICO Data Protection register because we only process data for accounts and records; not-for-profit purposes; and marketing, advertising and public relations.
We hold your personal data with consent given at the time of collection, either via the website, hard-copy intake forms, or from confidential notes taken about private therapeutic sessions.
Data is held and processed in order to provide:
· Yoga classes, retreats and trauma-informed therapeutic services
· Education, training and consultancy services
Collection of information
True North Yoga may collect the following information you have given to us:
(a) Personal details such as name or e-mail address collected on registration forms or when signing up for the newsletter.
(b) Information to help us monitor equal opportunities (you can always opt out of providing this information). This includes special categories of personal data e.g. information concerning gender, nationality and racial or ethnic origin, disability information, sexual orientation, faith, educational attainment and carer responsibilities.
(c) Your bank account details, if you give them during payment for services. These are only held or processed within payment systems.
(d) Other information lawfully obtained including images from events (only taken with advance notification and consent), quotes and social impact information.
I may generate the following information:
(a) Records of therapeutic sessions including dates, a brief summary of what was covered and any concerns regarding risk.
(b) Communications with other health professionals.
(c) Anonymised supervision and/or peer reflection notes.
(d) Invoices.
Purposes of Data Processing
(a) To provide yoga classes and services and communicate with you via the newsletter.
(b) Where information has been provided to schedule an initial chat, your information will only be used for this purpose, unless you request further services.
(c) Records of therapeutic work are necessary to help remember and review work.
(d) I am required to be in regular peer supervision/reflection where I discuss my work, having anonymised any details.
(e) Anonymised data (including ‘equal opportunities’ data) may be shared with grant giving organisations for the purposes of obtaining program funding.
Protecting Your Data
Your personal data is protected with secure storage, ensuring only I (with password protected authentication for online storage) can access personal data for the purposes set out in this policy. As well as Mailchimp, I make use of Google Suite. These services are password protected and encrypted. All accounts are accessed via password protected devices including a laptop and mobile phone.
Sensitive data captured for monitoring of equal opportunities and accessibility is not attached to your personal record whenever possible.
This website uses the high standard of SSL protection (see lock icon next to domain address), but I am unable to guarantee data will be completely secure when transmitted. I therefore cannot entirely guarantee the security of any information you transmit through online forms or email enquiries. This information is submitted at your own risk. Once received, every effort is made to ensure data security.
Data Retention
We will hold your information on our systems for as long as is necessary for the relevant activity unless a longer retention period is required by law or professional standards, in which case we will hold your information for the period required by the law or professional standards.
Newsletter
If you wish to unsubscribe from the newsletter (distributed via Mailchimp), select the ‘Unsubscribe’ option at the base of each newsletter. There is also an option to update your preferences, if you wish to modify how you receive the newsletter.
Third Parties
We may occasionally share your details with third parties who require them for the performance of particular functions that support True North in carrying out our business.
This may include:
Technology and service providers: e.g. Mailchimp
Funders: e.g. Lloyds Banking Group, School for Social Entrepreneurs, individual donors. Wherever possible this data will be anonymised. This usually includes ‘equal opportunities’ data that is routinely stored separately from your personal details.
Other healthcare professionals or service providers, for referral or safety purposes.
Cookies and Google Analytics
This website is hosted by Squarespace; they may use cookies for proper operation of their system and to track website usage. You can find out more at http://www.squarespace.com/cookies and http://www.squarespace.com/privacy.
We use integrated tracking from Google Analytics to monitor website usage and improve content quality. Google Analytics uses cookies, but I do not collect personal information that can be used to identify individuals. You can find out more at https://policies.google.com/privacy and https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
By accepting the cookie notification message, you consent to the use of such cookies. Choosing not to accept cookies, or later deleting them from your device, may affect this website’s performance on that device.
Your rights
Under data protection laws you have a right to:
Obtain a copy of your information;
Correct of complete your information;
Procure that we delete your information (unless I am obliged to maintain it by law (e.g. therapeutic records)); and
Withdraw consent to our use of your information (to the extent such use is based on consent) or otherwise object to the way in which we use your information.
If you wish to exercise any of these rights, please e-mail sarah@truenorthyoga.org
You can also reach out to the ICO or other appropriate regulatory authority in relation to your information held by us, and how we use it (contact details can be found at: https://ico.org.uk).
Status of Data Protection Notice
This Data Protection Notice is non-contractual. We reserve the right to amend it as required. Amendments will be posted to the website and, where appropriate, through e-mail notification. Unless otherwise specified all such changes will take effect immediately upon posting to the website.