Update May 2018 Data protection policy in accordance with the EU General Data Protection Regulation (GDPR)

1. Introduction

SH Coaching Services Limited needs to collect and use certain types of information about the Individuals we work with in order to carry out our services. This personal information is always collected and handled appropriately whether on paper, stored in a computer database, or recorded in any other format. There are strict safeguards in place to ensure this, under the General Data Protection Regulation 2018 (GDPR), and we commit to full compliance.

This privacy policy sets out how SH Coaching Services Limited uses and protects any personal information given to us during our work and in the use of the website: “www.StephenHedger.com”.

SH Coaching Services Limited is committed to ensuring that privacy is protected. Any information by which a client or customer can be identified will only be used in accordance with this policy.

This policy is subject to routine changes which ensure continued compliance with all privacy and data protection legislation.

This policy is valid from the date specified in the document footer.

2. Data Controller

SH Coaching Services Limited is the Data Controller under the GDPR, which means that we determine the purposes for which personal information is held and used. We are therefore also responsible for ensuring that this data is controlled in full compliance with the GDPR.

3. Disclosure

Personal data will never be sold, distributed or leased to a private third-party. In the very rare occasion that this may be necessary, the express permission of the data subject will be sought unless the law explicitly requires or stipulates otherwise.

SH Coaching Services Limited will never share data with other agencies,
(such as local authorities, funding bodies and voluntary agencies) unless at least one of the following circumstances apply.

The data subject will be made aware in all relevant circumstances of how and with whom their information will be shared. There are however, rare circumstances where the law may require that SH Coaching Services Limited disclose data (including sensitive data) without the data subject’s consent.

These include:

  1. Carrying out a legal duty or as authorised by the Secretary of State
  2. Protecting vital interests of an Individual
  3. The Individual has already made the information public
  4. Conducting any legal proceedings, obtaining legal advice or defending any legal rights

SH Coaching Services Limited regards the lawful and correct treatment of personal information to be of the utmost importance in creating successful working relationships, and to maintaining the confidence of those with whom we deal.

SH Coaching Services Limited intends to ensure beyond all doubt, that personal information is treated lawfully and correctly. To this end, SH Coaching Services Limited will adhere to the Principles of Data Protection, as detailed in the EU General Data Protection Regulation (GDPR).

Specifically, but not exhaustively, these principles require that:

  1. Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
  2. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Personal data shall be accurate and kept up to date.
  5. Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  6. Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
  7. The controller shall be responsible for, and be able to demonstrate compliance with the GDPR.

SH Coaching Services Limited will, through appropriate management and strict application of criteria and controls:

  • Observe fully, conditions regarding the fair collection and use of information.
  • Meet its legal obligations to specify the legitimate purposes for which information is used.
  • Collect and process appropriate information, and only to the extent that it is needed to fulfill its operational needs or to comply with any legal requirements.
  • Ensure the quality of information kept and used.
  • Ensure that the rights (as defined by the ICO) of people about whom information is held, can be fully exercised under the GDPR. These include:
  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling
  • Take appropriate technical and organisational security measures to safeguard personal information.
  • Ensure that personal information is not transferred to a third-party without suitable legal obligation.
  • Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information.
  • Set out clear procedures for responding to requests for information, erasure of information and cessation of processing.

4. Data Collection

Consent is defined as: “Offering individuals real choice and control. Genuine consent puts individuals in charge, building customer trust and engagement.”

  • Consent requires a positive, verifiable and deliberate opt-in. We, therefore, make sure to have a positive opt-in option for all clients through all relevant communication channels.

Where consent is not required or realistically available, the legitimate interest of the data subject can be used as a lawful basis for personal data processing.

To determine legitimate interest, we make sure to:

  • Identify a justifiable legitimate interest.
  • Show that the processing is necessary to achieve it.
  • Balance it against the individual’s interests, rights and freedoms.

SH Coaching Services Limited will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form.

When collecting data, SH Coaching Services Limited will ensure that the Individual:

  1. Clearly understands why the information is needed.
  2. Understands what it will be used for and what the consequences are should the Individual decide not to give consent to processing.
  3. Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress.
  4. Has received sufficient information on why their data is needed and how it will be used.

Under the stipulations of this policy and in accordance with the GDPR, we may collect the following personal information:

  • Name and job title
  • Contact information including email address
  • Demographic information such as postcode, preferences and interests
  • Other information relevant to customer surveys and/or offers
  • Computer usage information in relation to the use of cookies on our website

5. Data Storage

We do not store our customers’ financial details.

Information and records relating to individuals will be stored securely and will only be accessible to authorised staff and volunteers.

Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately.

It is SH Coaching Services Limited’s responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third-party.

If SH Coaching Services Limited is requested to delete personal data. This will be seen to immediately.

6. Data Processing

Personal data is collected and processed to understand client’s needs and provide a better service. Data is collected for the following reasons:

  • Internal record keeping
  • Inform the improvement of our products and services
  • Promotional purposes for new products, services and promotions
  • Occasional market research purposes
  • Web cookies are used to customise our website according to personalised interests

7. Online Data and Web Cookies

Cookies are small files which are placed on personal computer hard drives. Cookies allow web applications to respond intelligently to unique individuals. The web application can tailor its operations to individual needs, likes and dislikes by gathering and remembering information about user preferences.

SH Coaching Services Limited uses cookies to help analyse and track our web traffic. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use cookie information for statistical analysis purposes and then the data is removed from the system.

Cookies are designed to help us provide a better website, by enabling us to monitor which pages are most used.

Upon entering our website, the visitor is asked for their consent to the use of cookies. visitors can choose to accept or decline cookies. By declining the use of cookies, users may be prevented from taking full advantage of the website.

8. Data Security

SH Coaching Services Limited is committed to ensuring that all personal information under our control is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect, store and process. For example, all online payments are encrypted, and we do not hold any of our client’s credit card information.

Our website may contain links to external, third-party websites. While every measure is taken to ensure that we only ever link to trusted and reputable sources, we cannot guarantee the security of data outside of our own website.

Third-party websites are not governed by this policy. We cannot, therefore, be responsible for the protection and privacy of any information provided whilst visiting external websites. We recommend that individuals exercise caution, and separately examine the privacy policies of external websites.

9. Data Access and Accuracy

All Individuals have the right to control and access the information SH Coaching Services Limited holds about them. SH Coaching Services Limited will also take reasonable steps ensure that this information is kept up to date by confirming any changes with data subjects.

Individuals may choose to restrict the collection or use of their personal information in the following ways:

  • All forms on the website www.StephenHedger.com include a checkbox, wherein the user can positively consent to the use of their information for direct marketing purposes. If left blank, the user will not be contacted for marketing purposes.
  • Marketing preferences can be changed immediately and at any time, by writing to or emailing us at info@stephenhedger.com.

Individuals may request details of any personal information which we hold on them. All data will be surrendered to the data subject upon request, for free and within 30 days of the request.

The individual has the right do demand amendment or erasure of their personal data at any time.

If it is believed that any information we are holding is incorrect or incomplete, individuals may write to or email us as soon as possible. We will promptly correct any incorrect information.

Individuals wishing to amend, erase or to view a copy of the information held by SH Coaching Services Limited may write to:

10 Harley Street
London
W1G 9PF.

Or Email:

info@stephenhedger.com

In addition, SH Coaching Services Limited will ensure that:

  • It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection.
  • Anybody processing personal information understands that they are legally responsible for following the GDPR.
  • Anybody processing personal information is appropriately trained to do so.
  • Anybody processing personal information is appropriately supervised.
  • Anybody wanting to make enquiries about handling personal information knows what to do.
  • It deals promptly and courteously with any enquiries about handling personal information.
  • It describes clearly how it handles personal information.
  • It will regularly review and audit the ways it holds, manages and uses personal information.
  • It regularly assesses and evaluates its methods and performance in relation to handling personal information.
  • All staff are aware that a breach of the rules and procedures identified in this policy may lead to disciplinary action being taken against them.

This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the GDPR.