Update May 2018 Data protection policy in accordance with the EU General Data Protection Regulation (GDPR)
SH Coaching Services Limited needs to collect and use certain types of information about the Individuals we work with in order to carry out our services. This personal information is always collected and handled appropriately whether on paper, stored in a computer database, or recorded in any other format. There are strict safeguards in place to ensure this, under the General Data Protection Regulation 2018 (GDPR), and we commit to full compliance.
SH Coaching Services Limited is committed to ensuring that privacy is protected. Any information by which a client or customer can be identified will only be used in accordance with this policy.
This policy is subject to routine changes which ensure continued compliance with all privacy and data protection legislation.
This policy is valid from the date specified in the document footer.
2. Data Controller
SH Coaching Services Limited is the Data Controller under the GDPR, which means that we determine the purposes for which personal information is held and used. We are therefore also responsible for ensuring that this data is controlled in full compliance with the GDPR.
Personal data will never be sold, distributed or leased to a private third-party. In the very rare occasion that this may be necessary, the express permission of the data subject will be sought unless the law explicitly requires or stipulates otherwise.
SH Coaching Services Limited will never share data with other agencies,
(such as local authorities, funding bodies and voluntary agencies) unless at least one of the following circumstances apply.
The data subject will be made aware in all relevant circumstances of how and with whom their information will be shared. There are however, rare circumstances where the law may require that SH Coaching Services Limited disclose data (including sensitive data) without the data subject’s consent.
- Carrying out a legal duty or as authorised by the Secretary of State
- Protecting vital interests of an Individual
- The Individual has already made the information public
- Conducting any legal proceedings, obtaining legal advice or defending any legal rights
SH Coaching Services Limited regards the lawful and correct treatment of personal information to be of the utmost importance in creating successful working relationships, and to maintaining the confidence of those with whom we deal.
SH Coaching Services Limited intends to ensure beyond all doubt, that personal information is treated lawfully and correctly. To this end, SH Coaching Services Limited will adhere to the Principles of Data Protection, as detailed in the EU General Data Protection Regulation (GDPR).
Specifically, but not exhaustively, these principles require that:
- Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Personal data shall be accurate and kept up to date.
- Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
- Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- The controller shall be responsible for, and be able to demonstrate compliance with the GDPR.
SH Coaching Services Limited will, through appropriate management and strict application of criteria and controls:
- Observe fully, conditions regarding the fair collection and use of information.
- Meet its legal obligations to specify the legitimate purposes for which information is used.
- Collect and process appropriate information, and only to the extent that it is needed to fulfill its operational needs or to comply with any legal requirements.
- Ensure the quality of information kept and used.
- Ensure that the rights (as defined by the ICO) of people about whom information is held, can be fully exercised under the GDPR. These include:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
- Take appropriate technical and organisational security measures to safeguard personal information.
- Ensure that personal information is not transferred to a third-party without suitable legal obligation.
- Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information.
- Set out clear procedures for responding to requests for information, erasure of information and cessation of processing.
4. Data Collection
Consent is defined as: “Offering individuals real choice and control. Genuine consent puts individuals in charge, building customer trust and engagement.”
- Consent requires a positive, verifiable and deliberate opt-in. We, therefore, make sure to have a positive opt-in option for all clients through all relevant communication channels.
Where consent is not required or realistically available, the legitimate interest of the data subject can be used as a lawful basis for personal data processing.
To determine legitimate interest, we make sure to:
- Identify a justifiable legitimate interest.
- Show that the processing is necessary to achieve it.
- Balance it against the individual’s interests, rights and freedoms.
SH Coaching Services Limited will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form.
When collecting data, SH Coaching Services Limited will ensure that the Individual:
- Clearly understands why the information is needed.
- Understands what it will be used for and what the consequences are should the Individual decide not to give consent to processing.
- Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress.
- Has received sufficient information on why their data is needed and how it will be used.
Under the stipulations of this policy and in accordance with the GDPR, we may collect the following personal information:
- Name and job title
- Contact information including email address
- Demographic information such as postcode, preferences and interests
- Other information relevant to customer surveys and/or offers
5. Data Storage
We do not store our customers’ financial details.
Information and records relating to individuals will be stored securely and will only be accessible to authorised staff and volunteers.
Information will be stored for only as long as it is needed or required by statute and will be disposed of appropriately.
It is SH Coaching Services Limited’s responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third-party.
If SH Coaching Services Limited is requested to delete personal data. This will be seen to immediately.
6. Data Processing
Personal data is collected and processed to understand client’s needs and provide a better service. Data is collected for the following reasons:
- Internal record keeping
- Inform the improvement of our products and services
- Promotional purposes for new products, services and promotions
- Occasional market research purposes
- Web cookies are used to customise our website according to personalised interests
7. Online Data and Web Cookies
Cookies are small files which are placed on personal computer hard drives. Cookies allow web applications to respond intelligently to unique individuals. The web application can tailor its operations to individual needs, likes and dislikes by gathering and remembering information about user preferences.
Cookies are designed to help us provide a better website, by enabling us to monitor which pages are most used.
8. Data Security
SH Coaching Services Limited is committed to ensuring that all personal information under our control is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect, store and process. For example, all online payments are encrypted, and we do not hold any of our client’s credit card information.
Our website may contain links to external, third-party websites. While every measure is taken to ensure that we only ever link to trusted and reputable sources, we cannot guarantee the security of data outside of our own website.
Third-party websites are not governed by this policy. We cannot, therefore, be responsible for the protection and privacy of any information provided whilst visiting external websites. We recommend that individuals exercise caution, and separately examine the privacy policies of external websites.
9. Parental Permission
The Sites are not directed to children under the age of 13 and we will not knowingly collect personally identifiable information from children under 13. We strongly recommend that parents participate in their children’s exploration of the internet and any online services, and use their browser’s parental controls to limit the areas of the internet to which their children have access. We may, at our discretion, require users under 18 to obtain the consent of a parent or guardian to view certain content, and we may limit access to certain content to users above a specified age. You agree to abide by any such restrictions, and not to help anyone avoid these restrictions.
Explicit Language & Mature Content
On our Sites we will occasionally discuss mature topics and language relating to personal and professional growth that may use explicit language or “curse words.” Users who are uncomfortable with such topics or language should not use our Sites.
10. Data Access and Accuracy
All Individuals have the right to control and access the information SH Coaching Services Limited holds about them. SH Coaching Services Limited will also take reasonable steps ensure that this information is kept up to date by confirming any changes with data subjects.
Individuals may choose to restrict the collection or use of their personal information in the following ways:
- All forms on the website www.StephenHedger.com include a checkbox, wherein the user can positively consent to the use of their information for direct marketing purposes. If left blank, the user will not be contacted for marketing purposes.
- Marketing preferences can be changed immediately and at any time, by writing to us.
Individuals may request details of any personal information which we hold on them. All data will be surrendered to the data subject upon request, for free and within 30 days of the request.
The individual has the right do demand amendment or erasure of their personal data at any time.
If it is believed that any information we are holding is incorrect or incomplete, individuals may write to or email us as soon as possible. We will promptly correct any incorrect information.
Individuals wishing to amend, erase or to view a copy of the information held by SH Coaching Services Limited may write to:
10 Harley Street
In addition, SH Coaching Services Limited will ensure that:
- It has a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection.