SURREY HILLS NORDIC WALKING (the “Business”)
Data Privacy Statement relating to the General Data Protection Regulation
This statement is made due to new requirements for data protection arising from the European General Data Protection Regulation (the “GDPR”) which has effect from 25th May 2018.
Under the GDPR, we are required to provide you with information on how we will collect and use personal data about you (the “Client”), the circumstances in which we may share or otherwise use this personal data and to whom we may disclose this personal data.
This statement is for your information and you are not required to take any action.
Information we may collect from you or already hold about you
We collect and process personal data about you in connection with the Business.
Personal data may include your name, date of birth, gender, contact details (eg: email addresses, telephone numbers and home address).
In addition, we may collect and process categories of personal data about you that are of a sensitive nature (“Sensitive Personal Data”), such as medical information relating to your medical history and medications, or photographs.
Purposes for which, and the basis upon which, we will process your personal data
In most cases, the legal basis for processing your personal data will be “legitimate interests”, although there will be other grounds for processing personal data too. This means that it is in the “legitimate interest” of me , or another third party, to process your personal data, we will only grant approval to allow another third party to process personal data we control, after having taken in to account the interests and rights of the Clients of the Business.
Examples of “legitimate interests” are use of your personal data for circulation of regular email updates to all Clients relating to upcoming walks and events, or for text alerts of changes to walks which Clients are booked on.
Where we are required to process Sensitive Personal Data, we will approach the relevant Client for specific consent to the processing of such data.
Retention of personal data
We will hold personal data of Clients only for as long as is necessary to provide services to you through the Business. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, and whether we can achieve the purpose of the processing through other means. In the case of the Business, personal data may be retained by us unless and until you ask me not to, or until you have not been a Client of the Business (ie booked on a walk etc) for a period of two years, or until the Business ceases to operate, whichever occurs first,
Disclosure of personal data
In the course of administering the Business, we may share your personal data with third parties, including Nordic Walking UK (“NWUK”) which administers the NWUK Membership Scheme. These third parties are also required to take appropriate security measures to protect your personal data.
In case of emergency, we may also transfer personal data, which may include Sensitive Personal Data, to members of the emergency services, who are also required to protect this personal data.
Your rights under the GDPR
If you would like to have access to, review, correct, update, transfer, suppress, object to or restrict the processing of your personal data, you can contact us at the addresses below.
Changes to this statement
We reserve the right to change this statement and any other relevant policies or procedures. Any substantial changes to this statement will be provided to you in writing or by other means.
If you have any questions concerning this statement or the policies or procedures referred to above, please contact us by email.
If you are dissatisfied with any aspect of our handling of your personal data, you have a right to lodge a complaint with the Information Commissioners (https://ico.org.uk).